
Log Analysis and Evaluation: Trojan Windows Restore


26.05.2011, 10:20   #1
Dugells
 
Trojan Windows Restore



Hello everyone,

Recently the Trojan Windows Restore completely crippled my PC. With the typical symptoms... computer slower, all files and folders hidden/invisible, and the constant error messages about the hard disk.
I have already read in your forum and went through the guide. But I'm not quite sure whether it is really completely gone, and I also have problems running TDSS Killer. Whether I open it normally or with "Run as administrator", the tool does not start.
I'll post my log files below... it would be great if you could help me further!



Markus

26.05.2011, 10:22   #2
Dugells
 



Malware scan before I removed the viruses with RKill.exe.
I know I have many hits from the Refog Key Logger. I needed it for a short time, but I will now uninstall it again. But as you can see, there are also some hits that have nothing to do with the keylogger.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6673

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

25.05.2011 14:29:13
mbam-log-2011-05-25 (14-29-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Q:\|)
Durchsuchte Objekte: 267109
Laufzeit: 56 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 11
Infizierte Dateien: 109

Infizierte Speicherprozesse:
c:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> 12 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Delete on reboot.
c:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yiMjvSkpKyOa (Trojan.FakeAlert) -> Value: yiMjvSkpKyOa -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (C:\Windows\system32\MPK\mpk.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\Windows\system32\MPK\mpk.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\programdata\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK (Refog.Keylogger) -> Delete on reboot.
c:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang (Refog.Keylogger) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\yimjvskpkyoa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\46194424.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Markus\AppData\Local\Temp\OCS\36\icq ignore checker 1.3 setup.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
c:\programdata\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40661_3574464352 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40661_3619240046 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40661_3803880671 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40661_3806080787 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40665_8168478356 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40665_8172278588 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40671_5285887153 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40671_5291292824 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40671_5293047801 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\icon.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Delete on reboot.
c:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins001.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins001.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins001.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\brazilian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\brazilian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\English.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\French.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\German.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Italian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Italian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Polish.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Polish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\portuguese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\portuguese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Russian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Turkish.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Turkish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.


26.05.2011, 10:23   #3
Dugells
 



Malware scan (updated) after I ran RKill.exe:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6682

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.05.2011 09:31:18
mbam-log-2011-05-26 (09-31-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|Q:\|)
Durchsuchte Objekte: 268466
Laufzeit: 1 Stunde(n), 41 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

26.05.2011, 10:24   #4
Dugells
 



OTL log file "Extras.txt" (OTL EXTRAS Logfile):
Code:
OTL Extras logfile created on: 26.05.2011 11:19:28 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Markus\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,47% Memory free
4,16 Gb Paging File | 2,42 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 15,38 Gb Free Space | 20,64% Space Free | Partition Type: NTFS
Drive D: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 3,75 Gb Total Space | 3,74 Gb Free Space | 99,76% Space Free | Partition Type: FAT32
Drive J: | 931,51 Gb Total Space | 842,26 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
Drive S: | 485,07 Mb Total Space | 350,09 Mb Free Space | 72,17% Space Free | Partition Type: FAT32
 
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1694689400-2645676105-3050204030-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0096C337-2F51-4786-ACC9-B79372DFFB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{046E706C-0EB4-490C-BCD4-E8476B67AE58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0748F746-C5D3-46B8-A501-0C686B6F0DC8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11002EB0-C13E-4877-A3DD-4EBF1811FC35}" = lport=57923 | protocol=6 | dir=in | name=pando media booster | 
"{11C79A66-0122-446B-82F6-3483DCF8CFEE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{17053BD4-8153-4280-B2C8-0875E74999CB}" = lport=57923 | protocol=17 | dir=in | name=pando media booster | 
"{17C557A9-5463-44E1-8A93-6C7224A17660}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{28D835DA-8988-4B8A-9B82-B0AE46938F59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2CA70393-2D50-45E4-8921-A38CEC6E82CA}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher | 
"{379F66B4-5BCC-46ED-95A7-791A1161E059}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{3A29D43D-D31B-4248-8F15-5B67526D2F1A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3C2DB67E-2C75-42CC-A362-DBF649533E07}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{41930294-DC99-4470-ACAF-AE59B89574CE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{43DD395A-B8CB-4524-AB51-3092857FA76E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4446F05E-54DA-481A-9495-8C4D4B92EE46}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4D6DFE8B-31DC-4017-9A42-E17500279349}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{66BE1653-48EB-43BF-9192-2A436B3B2F99}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6809911C-268E-4631-80C5-3162269DEBD0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6AF46F95-273F-4778-AB35-D341B5F890CB}" = lport=57923 | protocol=6 | dir=in | name=pando media booster | 
"{6EE4EAD7-2BC8-4B06-947E-EAED40DB56DC}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher | 
"{6F8760E7-E65B-430B-9754-706E540FF75A}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{71816A09-D0AE-48F7-B2B2-B81498BFCCEE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7306D4E7-A0B6-4D18-8B60-F33721699FEC}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | 
"{75B7195F-7B48-4ABE-9742-91C6C326B666}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{7978BC31-FE2B-4314-94F8-A070C1318E48}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7AE34749-D72D-4887-9772-9371EA8AD466}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{7AEC91DF-3FE5-4E84-8F9C-E1BF698A5B5D}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{7AF0BCD1-E49B-4ED5-9F03-9A4712331168}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | 
"{7BA1C99D-D5AC-4445-8E92-6D5A80411D90}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{7C754AE4-4D68-466D-9C88-7377779B02F6}" = lport=61293 | protocol=6 | dir=in | name=torrent | 
"{84D14490-B0F4-42CF-A9C4-8C98819EB546}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9E678782-C1FE-4E0D-BAEF-EACCDAD40A66}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{A87E27FF-578F-45A1-BF29-6F33D6E4CBED}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{B2C84540-4CA4-485A-98D9-E09F9B8F7D82}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B9A6B1DE-428F-48E0-9455-E23DAD915085}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3C0F2D2-A5A2-47A3-8CD9-5301EBC8C582}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CF4AD27C-7CE8-42D9-92B0-1CCD52695D0E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D2463F12-8701-4512-AE5B-989954C36766}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4A27D18-02F6-4DE1-9369-34EBF3D42A20}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{D5615833-F429-4124-805A-D2EC6EFD9290}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DD95B2EB-E598-424B-99CD-1E247146F330}" = lport=57923 | protocol=17 | dir=in | name=pando media booster | 
"{E6475C45-9188-4FE4-8F0D-1D4A9B4B2EE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E89A2F1E-CFAB-4024-99B6-2C80AF34D5A9}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
"{EB105673-0C2A-4A0A-9E7F-DEE92EDD56D4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EFA77698-DC58-4792-A078-4736FD966AB9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F749278A-C3B6-4DF7-B63B-6CFF8F25536E}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{F85A3952-DFC7-4323-B2D0-0B3925E343EB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FC75DE35-DE53-4537-B8AD-7F1B9973F18F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF867CD1-D241-4E69-B366-8AFD2CCDAE29}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0751FB3D-5FAF-4683-B4D8-0E2A7A019C69}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{0C97732F-96FF-46D6-B884-3E9474A87080}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{13F7CDC6-7F86-407E-A89D-ED926B82E836}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{14C51757-E023-41D6-846F-915E4389B906}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1B62D310-7DBE-49B6-9365-5A15B786DA07}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1B890B21-00A0-40D0-B27F-E680B60BDA0C}" = protocol=6 | dir=in | app=c:\program files\icq away reader\icq away reader.exe | 
"{1E976BF3-A76B-4F64-B404-BDC602156C6C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{20E406CB-FB5A-41A6-9679-3246457AD74B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{24FEFBDF-95F8-43D2-AEDD-AF2DB6CDC307}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{272EE981-B743-489E-96B5-88B4D6D5300F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2B292643-DB03-4747-B8AC-3008D191BFFE}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{2DA9FCF2-DD5F-457D-A5DB-7D9EFD68FA76}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3474E941-85EA-4590-B42B-C15743F047B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39FBBB90-F625-441C-9185-12667F701CEE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{3D034E0F-8D48-4D74-82B8-89FA9FEC6B9A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{41E18255-6FAA-4C6C-AA7C-1522808985ED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{42B2ED0F-0F53-407D-AE78-3805A38CD265}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{432A355F-DAC1-4F2F-B7DB-266DED844D09}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4D19EDAA-8523-43F6-9A45-10007853BD4A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4EC59525-AB7F-447E-AA71-7D437B7D2F1B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{548BAB49-C145-4709-A14A-87139BC46207}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{54DEFAA0-FAA4-4E26-80FA-9C6649275BF0}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{577465C3-B71A-4287-84DC-C14AE6FBF359}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{57DC203D-A12A-41DD-BF3D-9703D68FCB6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{5BA2DF12-94F2-4698-ABA0-734E185B67AA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5CD89DEE-4ABC-4FC7-8FA9-8B1EFA434DB0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5E60C961-B438-4A98-9547-A6268C05F0AC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{612AA7AA-34B1-4A24-8F05-FF64D5682ECA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6584717A-013B-457C-B4C6-900CA1C6022C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{65B6FB5E-5336-4702-86BA-BAAF78285B16}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{67D90236-0FA6-4480-B85D-3D27A8AB8DC1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{699F5062-7B40-4CA3-8F76-F948B0A8D710}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{701841FB-4EF2-45F0-8B34-8A2BFA7DB369}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{73398886-F1E2-4420-B46D-799B39D68932}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{762FC02A-53AF-4684-ACF0-6A7EB72F4065}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{7CD270BD-FD65-469E-93BB-4E19D387FB50}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{7D9CEECB-869F-4261-9D82-D3E807A6F3C7}" = protocol=6 | dir=in | app=d:\hiw\stinstall.exe | 
"{7DD0261E-EDCA-41F8-87E0-4ECB2A797150}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{7E5B6956-95FC-48F3-A00E-172C91EC3C69}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{84E6E25D-74D9-4086-AAEE-D5137C599EE7}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{858B60D4-C432-472C-BFD3-B7BAEFD64F22}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{8BC414F5-824B-480E-B286-7EB02F21A002}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8D6B0D68-07AB-4C40-AEF6-45897E75B45B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{972430D0-1753-491C-9D1B-757C2713D3FD}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{97C57EB5-FD10-43A0-A0E1-64A27D20B8EF}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{9BCF970E-FBF7-434D-8554-B663B530AD92}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A009C0B7-2FED-4AF1-816F-143A79B80DE0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A06755E5-9D5E-4C89-BD79-0C47FF6E15AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A285FDB9-19A7-4800-896C-F2D6144DBD6E}" = protocol=17 | dir=in | app=d:\hiw\stinstall.exe | 
"{A33720C7-368C-4C45-8FF3-0593730ED7B4}" = protocol=17 | dir=in | app=c:\program files\icq away reader\icq away reader.exe | 
"{A91B10DA-37CD-4317-8668-3DE1C9F126B4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A9E6D45A-72C0-4546-88EF-99222ED687B9}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{AAFFBD58-6BA0-412F-8381-85C2CBE8C02D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{AC74BB58-7FB0-4D6F-8FDC-35005B2849EC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AD55D6A9-515B-4168-80E0-0C56B49104BC}" = protocol=6 | dir=in | app=c:\program files\icq away reader\icq away reader.exe | 
"{B4F2DEC5-9153-414E-BA95-CF5575870698}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF31A6F3-444E-48FE-8993-4C4B6C28BEAE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C72FA299-FF0C-49E0-A028-0A9712B8EEB6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{CB3A3307-6022-4FD6-96AF-918B4BF0C51A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D398A26A-46AC-4578-875E-C792B63DD037}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D48D1CF6-CBB7-4B6C-9EFC-D99CE831079E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DC60E727-28C8-407C-A433-7846ECAEAF0F}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{DF1DB70C-8117-44F9-8224-78462D9F6552}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dugells\counter-strike source\hl2.exe | 
"{E31795F8-F2A8-42E6-BA22-F277CC3E9993}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{E5DAF708-2972-4686-AE87-1F8DBDFDB757}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E6C6421C-113D-4AFD-9053-AAFC8E82B94D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC5362FE-A661-4BDA-A43C-15E3B4B8CA0E}" = protocol=17 | dir=in | app=c:\program files\icq away reader\icq away reader.exe | 
"{EFFA45FA-17D2-48DB-B4AF-DE4300FD1696}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{F22940E7-50CE-4AD7-916D-DC0364EB8BC8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dugells\counter-strike source\hl2.exe | 
"{F550C182-CD2A-4595-B412-03CBF89D42D8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{F895C602-C8A5-4634-93D5-8DC6A2873FD1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{FDE6D091-8017-45A5-B8F3-4312D8EE3F82}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"TCP Query User{0B7B764A-4A8D-41C6-AA4B-4C1679668295}C:4\games\neu\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:4\games\neu\mohaa\mohaa.exe | 
"TCP Query User{161BD8DD-D01E-4136-B6D6-656728658CAE}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{2CBABA83-9DC2-4AF2-944F-28D5EAA30B22}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{32E8C321-D942-40FA-8FBD-FEDB30B054CB}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"TCP Query User{69269DA0-C000-4A55-995C-268E92284B26}E:\games\full games\cod\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\full games\cod\iw4mp.exe | 
"TCP Query User{6A8032BD-0FF0-48BE-AF9B-4F243E452BA6}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"TCP Query User{70BDCD93-E579-42D6-9949-A0AEC52B5222}C:\program files\efficasoft mobile express\mobileexpress.exe" = protocol=6 | dir=in | app=c:\program files\efficasoft mobile express\mobileexpress.exe | 
"TCP Query User{7C441CA2-0EAD-44EF-9A71-23F4B66BD521}C:\users\markus\desktop\huawei\tftp32\tftpd32.exe" = protocol=6 | dir=in | app=c:\users\markus\desktop\huawei\tftp32\tftpd32.exe | 
"TCP Query User{856E68E8-3A99-4068-BDE1-D3958556F357}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{86CA5ED5-B298-4B19-8232-AEC1BA231318}C:\users\markus\desktop\arbeit\huawei\tftp32\tftpd32.exe" = protocol=6 | dir=in | app=c:\users\markus\desktop\arbeit\huawei\tftp32\tftpd32.exe | 
"TCP Query User{8EF83EC3-BADD-4CD2-894F-732702A2554D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{97C71A71-378D-4BF6-BCDC-CA816228E369}C:4\games\full games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:4\games\full games\tmnationsforever\tmforever.exe | 
"TCP Query User{A069261D-65E2-4693-9EA3-2259C69CDB0D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{B71ED23A-7BD4-470C-BFD1-1ABC90DF1C80}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{B7F10A94-6436-4BBB-BA09-FF2DA6D6931C}C:\users\markus\desktop\tftp32\tftpd32.exe" = protocol=6 | dir=in | app=c:\users\markus\desktop\tftp32\tftpd32.exe | 
"TCP Query User{BAC4E110-A0C3-4F30-A0CE-A514F6D4FD63}C:\users\markus\downloads\fritz.box_sl_wlan.04.34.recover-image.exe" = protocol=6 | dir=in | app=c:\users\markus\downloads\fritz.box_sl_wlan.04.34.recover-image.exe | 
"TCP Query User{BBD5D1E9-D5DC-4D47-9443-21CE4895991D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{BFD7CCC4-B105-484B-B769-1CDA163ED9A3}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"TCP Query User{C4AA9104-F9E8-47E1-8F0D-18AB4E93906A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{CC965EC4-9C1C-4EC9-B75C-82C7F7710234}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E08D9B29-575A-41E0-912E-349551EBF4AC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{E4B2AD48-810B-4F51-811B-C6B1CA37314F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F53606D2-DCCB-442B-90A4-22DACD9B65D5}C:\program files\steam\steamapps\dugells\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dugells\counter-strike source\hl2.exe | 
"UDP Query User{03A73358-49AA-4A07-8876-66DF738FA3C6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{09548E32-D704-4C8B-A61D-8FA0835E7EDB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0BFD0631-24D2-46C2-921E-D45D411DC085}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"UDP Query User{1D540F8C-B78C-46E5-A65C-A1C692DFAE1A}C:\users\markus\downloads\fritz.box_sl_wlan.04.34.recover-image.exe" = protocol=17 | dir=in | app=c:\users\markus\downloads\fritz.box_sl_wlan.04.34.recover-image.exe | 
"UDP Query User{20BDAFC2-5933-432F-9A73-0B20A23C975A}C:\users\markus\desktop\arbeit\huawei\tftp32\tftpd32.exe" = protocol=17 | dir=in | app=c:\users\markus\desktop\arbeit\huawei\tftp32\tftpd32.exe | 
"UDP Query User{27B47232-8DC6-450C-8C1A-5FEB43514C97}C:4\games\neu\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:4\games\neu\mohaa\mohaa.exe | 
"UDP Query User{417730D3-B3C6-468D-A524-CE2801DB4B86}C:\users\markus\desktop\huawei\tftp32\tftpd32.exe" = protocol=17 | dir=in | app=c:\users\markus\desktop\huawei\tftp32\tftpd32.exe | 
"UDP Query User{494D8EAD-5690-4774-B0F0-3200B98C3445}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{4FAC89A2-5A4A-45B8-AC30-AD7A25E6B82E}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"UDP Query User{50A444AD-A328-4BE9-A09C-EB0CC6778ECE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{55DC9B65-AC89-428F-B75E-DA3C3AF79582}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"UDP Query User{5FA48343-9EDA-4169-BC14-7209E0BE6556}C:\program files\steam\steamapps\dugells\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dugells\counter-strike source\hl2.exe | 
"UDP Query User{8BCC0B27-13C6-4466-B3B6-F7C181E44AC5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9492F6BD-A3FD-4E92-B6FB-B82DFF9673C6}E:\games\full games\cod\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\full games\cod\iw4mp.exe | 
"UDP Query User{98D61941-D2DF-4316-AA4E-AD24046AEAC4}C:4\games\full games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:4\games\full games\tmnationsforever\tmforever.exe | 
"UDP Query User{A1F0222C-3B99-4DAF-9909-1FBCF0503C87}C:\program files\efficasoft mobile express\mobileexpress.exe" = protocol=17 | dir=in | app=c:\program files\efficasoft mobile express\mobileexpress.exe | 
"UDP Query User{B3D83FC8-2712-48D6-A540-609F6E3FD796}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{B3E01ABA-654C-41DE-ACBB-55C9F6707D13}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{B7039F02-0D25-4BDA-A945-8F71A340F309}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C1A278D7-5C66-469D-A30A-B76D443AE192}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{D6DF769A-7C41-4891-BDCB-80D1C9AD2049}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DF1733C7-A559-43C9-B858-37CE686941DA}C:\users\markus\desktop\tftp32\tftpd32.exe" = protocol=17 | dir=in | app=c:\users\markus\desktop\tftp32\tftpd32.exe | 
"UDP Query User{F91334F5-C145-4244-B973-429AD24CF47D}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75CE3777-A658-4523-A668-4CC193FECDB2}" = Configuration Software Tool R8B14 (COZBU 120 853/1)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D9EB1AF1-5A27-49E7-B83B-D3AB9FF407DD}" = Steganos Safe 12
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E95D2E2E-992A-4B3B-895A-C651EBCAC458}" = Tuning Tool
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi-Software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 2.7.9
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"IBM Notes" = Notes 6.02
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Opera 11.10.2092" = Opera 11.10
"Pidgin" = Pidgin
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"SerialSolutions" = Serial Solutions Device Driver Suite
"StudioLine Photo Classic" = StudioLine Photo Classic
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 18:40:24 | Computer Name = Markus-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.05.2011 20:57:44 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
 0x49e01e78, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
 exception code 0xc0000005, fault offset 0x3445a269,  process ID 0x868, application start time
 01cc1b1dfae53165.
 
[ System Events ]
Error - 26.05.2011 05:10:09 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.05.2011 05:18:28 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---
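The firewall section above is long enough that it is easy to miss the handful of rules that actually matter for a log reviewer: inbound allows for binaries sitting in user-writable locations (several copies of tftpd32.exe on the desktop, a recover-image tool in Downloads), "Query User" rules for explorer.exe and taskeng.exe (neither is a network server, so an inbound prompt for them means code running inside those processes asked to listen), and rules with no protocol field at all. The following script is an added example written for this thread, not part of the original post and not a feature of OTL; it parses OTL-style firewall lines and applies those three heuristics. The sample lines are copied from the log above, the "Query User" naming convention is the one Windows Firewall on Vista/7 uses for rules created when the user clicks Unblock, and the list of "non-listening system binaries" is an assumption chosen for this log rather than an official list.

```python
"""Triage of Windows Firewall rules as dumped by OTL (hypothetical helper, not an OTL feature)."""
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the firewall lines from the OTL log above.
SAMPLE_RULES = [
    r'"{39FBBB90-F625-441C-9185-12667F701CEE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | ',
    r'"{A06755E5-9D5E-4C89-BD79-0C47FF6E15AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | ',
    r'"{D398A26A-46AC-4578-875E-C792B63DD037}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | ',
    r'"TCP Query User{7C441CA2-0EAD-44EF-9A71-23F4B66BD521}C:\users\markus\desktop\huawei\tftp32\tftpd32.exe" = protocol=6 | dir=in | app=c:\users\markus\desktop\huawei\tftp32\tftpd32.exe | ',
    r'"TCP Query User{856E68E8-3A99-4068-BDE1-D3958556F357}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | ',
    r'"UDP Query User{03A73358-49AA-4A07-8876-66DF738FA3C6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ',
    r'"TCP Query User{BAC4E110-A0C3-4F30-A0CE-A514F6D4FD63}C:\users\markus\downloads\fritz.box_sl_wlan.04.34.recover-image.exe" = protocol=6 | dir=in | app=c:\users\markus\downloads\fritz.box_sl_wlan.04.34.recover-image.exe | ',
]

# OTL prints each rule as  "name" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')

# Locations a standard user can write to. An inbound allow for a binary living there
# means anything the user (or malware running as the user) dropped may accept connections.
USER_WRITABLE_RE = re.compile(
    r'^[a-z]:\\users\\|\\appdata\\|\\temp\\|\\desktop\\|\\downloads\\', re.IGNORECASE
)

# Assumption for this log: core Windows processes that are not network servers. A
# "Query User" inbound rule for them means the firewall prompted because code inside
# the process tried to listen, which deserves an explanation.
NON_LISTENING_SYSTEM_BINARIES = {"explorer.exe", "taskeng.exe"}


def parse_rule(line):
    """Parse one OTL firewall line into a dict; return None for lines that are not rules."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"name": m.group("name"), "protocol": None, "dir": None, "app": None, "svc": None}
    for field in m.group("body").split("|"):
        field = field.strip()
        if not field:
            continue
        key, _, value = field.partition("=")
        # "name=@firewallapi.dll,..." would collide with the rule name, so skip it.
        if key in rule and key != "name":
            rule[key] = value.strip().lower()
    # Windows Firewall names rules "TCP Query User{GUID}path" / "UDP Query User{GUID}path"
    # when they were created by the user clicking Unblock in the security alert.
    rule["user_approved"] = "Query User{" in rule["name"]
    return rule


def triage(lines):
    """Return (finding, app) pairs for rules that deserve a second look."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None or rule["app"] is None:
            continue
        app = rule["app"]
        exe = PureWindowsPath(app).name
        if rule["dir"] == "in" and USER_WRITABLE_RE.search(app):
            findings.append(("inbound_allow_user_writable_path", app))
        if rule["dir"] == "in" and exe in NON_LISTENING_SYSTEM_BINARIES and rule["user_approved"]:
            findings.append(("system_binary_prompted_to_listen", app))
        if rule["protocol"] is None:
            # No protocol field: the rule matches every protocol, not just TCP or UDP.
            findings.append(("no_protocol_restriction", app))
    return findings


if __name__ == "__main__":
    for finding, app in triage(SAMPLE_RULES):
        print(f"{finding:40} {app}")
```

Run against the full firewall section rather than the sample, the script is a quick way to decide which of the roughly one hundred rules to ask the poster about; it deliberately does not touch the svchost.exe per-service rules (rapimgr, wcescomm, upnphost), which are what Windows Mobile Device Center and UPnP normally create.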

26.05.2011, 10:26   #5
Dugells

Trojaner Windows Restore

OTL log file "OTL.txt":
OTL logfile created on: 26.05.2011 11:19:27 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Markus\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,47% Memory free
4,16 Gb Paging File | 2,42 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 15,38 Gb Free Space | 20,64% Space Free | Partition Type: NTFS
Drive D: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 3,75 Gb Total Space | 3,74 Gb Free Space | 99,76% Space Free | Partition Type: FAT32
Drive J: | 931,51 Gb Total Space | 842,26 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
Drive S: | 485,07 Mb Total Space | 350,09 Mb Free Space | 72,17% Space Free | Partition Type: FAT32
 
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Steganos Safe 12\Safe.exe (Steganos Software GmbH)
PRC - C:\Programme\Steganos Safe 12\fredirstarter.exe (Steganos Software GmbH)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\NMSAccessU.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (NMSAccessU) -- C:\Programme\Common Files\NMSAccessU.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SLEE_17_DRIVER) -- C:\Windows\System32\drivers\SleeN17.sys (Softwareentwicklung Remus - ArchiCrypt - )
DRV - (SsInstal) -- C:\Windows\System32\drivers\SsInstal.sys (Brainboxes Limited)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (SsEnum) -- C:\Windows\System32\drivers\SsEnum.sys (Brainboxes Limited)
DRV - (SsPort) -- C:\Windows\System32\drivers\SsPort.sys (Brainboxes Limited)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI Corporation)
DRV - (slabbus) Argus over USB driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.08 02:11:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.08 02:11:31 | 000,000,000 | ---D | M]
 
[2010.12.26 14:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2011.05.25 18:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\tfl6w3a2.default\extensions
[2010.12.26 14:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\tfl6w3a2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 11:57:56 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\tfl6w3a2.default\searchplugins\icqplugin.xml
[2011.05.07 01:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.06 10:18:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- 
[2009.09.22 22:51:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.11.02 10:02:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.07.06 10:18:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TFL6W3A2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.08 02:11:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.07.06 10:17:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.05.08 02:11:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.08 02:11:28 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.08 02:11:28 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.08 02:11:28 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.08 02:11:28 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.08 02:11:28 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.09.27 21:42:58 | 000,000,935 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [SAFE12 File Redirection Starter] C:\Program Files\Steganos Safe 12\fredirstarter.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [SAFE12 HotKeys] C:\Program Files\Steganos Safe 12\SteganosHotKeyService.exe (Steganos Software GmbH)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GameShadow]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Free YouTube Download - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Markus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Markus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.22 07:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 08:54:04 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.01.26 11:15:22 | 000,000,191 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{66efe11f-eac1-11df-b91b-001e371e9a5f}\Shell - "" = AutoRun
O33 - MountPoints2\{66efe11f-eac1-11df-b91b-001e371e9a5f}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{8a204b85-a395-11de-8169-001e371e9a5f}\Shell - "" = AutoRun
O33 - MountPoints2\{8a204b85-a395-11de-8169-001e371e9a5f}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{92429659-c130-11df-b95d-001e371e9a5f}\Shell\AutoRun\command - "" = J:\SanDiskMediaManager.EXE
O33 - MountPoints2\{965227b2-6fe9-11e0-9009-001e371e9a5f}\Shell - "" = AutoRun
O33 - MountPoints2\{965227b2-6fe9-11e0-9009-001e371e9a5f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{b9a176c9-b8b9-11de-a577-001e371e9a5f}\Shell - "" = AutoRun
O33 - MountPoints2\{b9a176c9-b8b9-11de-a577-001e371e9a5f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{de7f6b72-a439-11de-b4a6-001e371e9a5f}\Shell - "" = AutoRun
O33 - MountPoints2\{de7f6b72-a439-11de-b4a6-001e371e9a5f}\Shell\AutoRun\command - "" = F:\CDautorun.exe
O33 - MountPoints2\{fc093504-a165-11de-bd93-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fc093504-a165-11de-bd93-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2008.08.22 07:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.25 23:01:19 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2011.05.25 15:06:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Luwe
[2011.05.25 15:06:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Isyzsi
[2011.05.25 13:27:05 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2011.05.25 13:26:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.25 13:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.25 13:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.25 13:26:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.24 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.17 17:35:52 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\LolClient
[2011.05.17 16:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011.05.17 15:36:13 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\LeagueOfLegends
[2011.05.17 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\PMB Files
[2011.05.17 15:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011.05.17 15:03:50 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.05.17 15:03:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.05.17 14:55:20 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011.05.17 14:44:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\FIFA 07
[2011.05.13 08:34:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\Neuer Ordner
[2011.05.06 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\Bilder Backnang
[2011.04.27 22:41:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 22:41:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 22:41:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.26 13:20:20 | 000,312,488 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\updater4g.exe
[2011.04.26 13:20:20 | 000,160,424 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
[2011.04.26 13:20:18 | 000,133,120 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_netamd.sys
[2011.04.26 13:20:18 | 000,118,272 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_seramd.sys
[2011.04.26 13:20:18 | 000,112,640 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_net32.sys
[2011.04.26 13:20:18 | 000,103,680 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_ser32.sys
[2011.04.26 13:20:18 | 000,103,424 | ---- | C] (Mobile Connector) -- C:\Windows\System32\drivers\cmnsusbser.sys
[2011.04.26 13:20:18 | 000,052,128 | ---- | C] (Siano) -- C:\Windows\System32\drivers\smsbda.sys
[2011.04.26 13:20:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\XSManager
[2011.04.26 13:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
[2011.04.26 13:15:11 | 000,000,000 | ---D | C] -- C:\Programme\XSManager
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.26 11:15:21 | 000,004,880 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 11:15:21 | 000,004,880 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 10:50:26 | 000,224,256 | ---- | M] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.26 10:26:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.26 07:59:44 | 000,001,073 | ---- | M] () -- C:\Users\Markus\Desktop\Privat.lnk
[2011.05.26 07:59:33 | 000,644,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.26 07:59:33 | 000,601,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.26 07:59:33 | 000,131,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.26 07:59:33 | 000,108,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.26 07:13:34 | 000,285,745 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.26 07:13:34 | 000,285,745 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.26 07:13:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.26 00:02:26 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{651C758F-489E-45AC-B507-9169CF622E9A}.job
[2011.05.25 22:54:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.25 22:54:25 | 2110,058,496 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.25 22:53:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.25 13:26:55 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2011.05.24 22:36:56 | 000,000,144 | ---- | M] () -- C:\ProgramData\~46194424r
[2011.05.24 22:36:56 | 000,000,112 | ---- | M] () -- C:\ProgramData\~46194424
[2011.05.24 22:36:51 | 000,000,344 | ---- | M] () -- C:\ProgramData\46194424
[2011.05.23 08:19:08 | 000,055,144 | ---- | M] () -- C:\Users\Markus\Desktop\bookmarks.html
[2011.05.23 07:31:28 | 000,071,944 | ---- | M] () -- C:\Users\Markus\Desktop\bookmarks-2011-05-23.json
[2011.05.19 15:25:26 | 000,000,680 | ---- | M] () -- C:\Users\Markus\AppData\Local\d3d9caps.dat
[2011.04.30 23:45:17 | 000,843,254 | ---- | M] () -- C:\Users\Markus\Desktop\3.jpg
[2011.04.30 23:43:31 | 000,022,754 | ---- | M] () -- C:\Users\Markus\Desktop\1.jpg
[2011.04.30 23:43:19 | 000,057,746 | ---- | M] () -- C:\Users\Markus\Desktop\2.jpg
[2011.04.30 23:43:05 | 000,129,932 | ---- | M] () -- C:\Users\Markus\Desktop\216221_168782513180532_100001463540079_408431_4047046_n.jpg
[2011.04.26 13:15:15 | 000,001,712 | ---- | M] () -- C:\Users\Public\Desktop\XSManager.lnk
[2011.04.26 13:15:12 | 000,103,424 | ---- | M] (Mobile Connector) -- C:\Windows\System32\drivers\cmnsusbser.sys
[2011.04.26 13:15:12 | 000,101,056 | ---- | M] () -- C:\Windows\System32\drivers\dvb_nova_12mhz_b0.inp
[2011.04.26 13:15:12 | 000,092,456 | ---- | M] () -- C:\Windows\System32\drivers\isdbt_nova_12mhz_b0.inp
[2011.04.26 13:15:12 | 000,079,036 | ---- | M] () -- C:\Windows\System32\drivers\tdmb_nova_12mhz_b0.inp
[2011.04.26 13:15:12 | 000,052,128 | ---- | M] (Siano) -- C:\Windows\System32\drivers\smsbda.sys
[2011.04.26 13:15:12 | 000,000,040 | ---- | M] () -- C:\Windows\System32\drivers\smsbda.cfg
[2011.04.26 13:15:11 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_netamd.sys
[2011.04.26 13:15:11 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_seramd.sys
[2011.04.26 13:15:11 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_net32.sys
[2011.04.26 13:15:11 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_ser32.sys
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.26 07:59:44 | 000,001,073 | ---- | C] () -- C:\Users\Markus\Desktop\Privat.lnk
[2011.05.25 22:43:37 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.25 22:43:37 | 000,001,712 | ---- | C] () -- C:\Users\Public\Desktop\XSManager.lnk
[2011.05.25 22:43:37 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.05.25 22:43:37 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.lnk
[2011.05.25 22:43:37 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.05.25 22:43:37 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.05.25 22:43:37 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.05.25 13:26:55 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.24 22:36:56 | 000,000,144 | ---- | C] () -- C:\ProgramData\~46194424r
[2011.05.24 22:36:56 | 000,000,112 | ---- | C] () -- C:\ProgramData\~46194424
[2011.05.24 22:36:50 | 000,000,344 | ---- | C] () -- C:\ProgramData\46194424
[2011.05.23 08:19:08 | 000,055,144 | ---- | C] () -- C:\Users\Markus\Desktop\bookmarks.html
[2011.05.23 07:31:28 | 000,071,944 | ---- | C] () -- C:\Users\Markus\Desktop\bookmarks-2011-05-23.json
[2011.05.08 12:42:44 | 000,169,196 | ---- | C] () -- C:\Users\Markus\Desktop\me.JPG
[2011.04.30 23:45:17 | 000,843,254 | ---- | C] () -- C:\Users\Markus\Desktop\3.jpg
[2011.04.30 23:43:19 | 000,057,746 | ---- | C] () -- C:\Users\Markus\Desktop\2.jpg
[2011.04.30 23:43:05 | 000,129,932 | ---- | C] () -- C:\Users\Markus\Desktop\216221_168782513180532_100001463540079_408431_4047046_n.jpg
[2011.04.30 23:42:55 | 000,022,754 | ---- | C] () -- C:\Users\Markus\Desktop\1.jpg
[2011.04.26 13:20:18 | 000,101,056 | ---- | C] () -- C:\Windows\System32\drivers\dvb_nova_12mhz_b0.inp
[2011.04.26 13:20:18 | 000,092,456 | ---- | C] () -- C:\Windows\System32\drivers\isdbt_nova_12mhz_b0.inp
[2011.04.26 13:20:18 | 000,079,036 | ---- | C] () -- C:\Windows\System32\drivers\tdmb_nova_12mhz_b0.inp
[2011.04.26 13:20:18 | 000,000,040 | ---- | C] () -- C:\Windows\System32\drivers\smsbda.cfg
[2011.03.26 23:21:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.11.12 17:09:48 | 000,015,573 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2010.10.13 18:03:14 | 006,814,952 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.10.13 18:03:14 | 000,017,766 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.09.17 21:25:36 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.09.15 09:39:01 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.09.15 09:39:01 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.01.13 13:07:30 | 000,022,328 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\PnkBstrK.sys
[2010.01.13 13:07:13 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.12.24 15:25:23 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.12.24 15:25:23 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.12.15 23:36:21 | 000,000,052 | ---- | C] () -- C:\Windows\Relax.ini
[2009.11.09 08:23:32 | 000,024,206 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\UserTile.png
[2009.10.04 12:39:01 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2009.09.19 13:33:10 | 000,224,256 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.17 17:00:27 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.09.17 15:53:29 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini
[2009.09.17 15:21:12 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.09.17 15:21:08 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.09.17 15:20:45 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.09.17 15:17:41 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.09.17 15:17:41 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.09.17 15:17:41 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.09.17 14:52:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.17 08:47:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.09.17 08:47:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 08:46:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 08:46:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.17 08:20:28 | 000,285,745 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.17 08:20:24 | 000,285,745 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.14 21:47:10 | 000,000,680 | ---- | C] () -- C:\Users\Markus\AppData\Local\d3d9caps.dat
[2007.01.25 04:52:26 | 000,065,536 | ---- | C] () -- C:\Programme\Common Files\NMSAccessU.exe
[2006.11.02 17:42:41 | 000,644,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:42:41 | 000,131,380 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,254,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,601,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,758 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >
         
--- --- ---
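Reading a long OTL log by eye is error-prone, so here is a small triage script as an added example (it is not part of OTL, of the forum's tooling, or of the poster's material). It applies a few of the checks an analyst would run over the log above: UAC switched off (O6 EnableLUA = 0), BHO/toolbar entries whose CLSID no longer resolves, Run entries pointing at missing files, removable-media AutoRun handlers under MountPoints2, freshly created single-word folders directly under AppData\Roaming (the Luwe and Isyzsi entries created in the same second), numeric ~NNNN data files in ProgramData, and a "Windows ... Recovery" Start Menu folder. The sample lines are constructed from entries in the log above; the rule names, the folder-name shape test and the benign-vendor allowlist are assumptions for illustration, not OTL conventions.

```python
"""Heuristic triage of OTL-style scan logs (added example, not OTL's own code)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: OTL-style lines modelled on entries in the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{66efe11f-eac1-11df-b91b-001e371e9a5f}\Shell\AutoRun\command - "" = E:\pushinst.exe
[2011.05.25 15:06:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Luwe
[2011.05.25 15:06:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Isyzsi
[2011.05.25 13:27:05 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2011.05.24 22:36:56 | 000,000,144 | ---- | M] () -- C:\ProgramData\~46194424r
[2011.05.24 22:36:51 | 000,000,344 | ---- | M] () -- C:\ProgramData\46194424
[2011.05.24 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
"""

# "[date time | size | attrs | C|M] (company) -- path" entries from the Files sections.
FILE_LINE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| [\d,]+ \| [-A-Z]{4} \| (?P<kind>[CM])\]"
    r" (?:\([^)]*\) )?-- (?P<path>.+)$"
)
# One short capitalised word directly under AppData\Roaming (shape test is an assumption).
ROAMING_DIR = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\(?P<name>[A-Z][a-z]{3,7})$"
)
# Rogue-AV style numeric data files in ProgramData, e.g. ~46194424r / 46194424.
ROGUE_DATA = re.compile(r"^[A-Za-z]:\\ProgramData\\~?\d{6,}r?$")
# Start Menu folder named like the rogue ("Windows Vista Recovery", "Windows Restore").
ROGUE_MENU = re.compile(r"\\Start Menu\\Programs\\Windows (?:Vista |7 |XP )?(?:Recovery|Restore)$")
KNOWN_ROAMING = {"Adobe", "Apple", "Opera", "Skype"}  # assumption: benign names that pass the shape test


@dataclass
class Finding:
    rule: str
    detail: str


def triage_line(line: str) -> list[Finding]:
    """Return every finding a single OTL line triggers (empty list if benign)."""
    s = line.strip()
    out: list[Finding] = []
    if s.startswith("O6 ") and re.search(r"EnableLUA\s*=\s*0\b", s):
        out.append(Finding("uac_disabled", s))
    if s[:3] in ("O2 ", "O3 ") and "No CLSID value found" in s:
        out.append(Finding("orphaned_bho_or_toolbar", s))
    if s.startswith("O4 ") and s.endswith("File not found"):
        out.append(Finding("dangling_run_entry", s))
    if s.startswith("O33 ") and r"\Shell\AutoRun\command" in s:
        out.append(Finding("removable_media_autorun", s))
    m = FILE_LINE.match(s)
    if m:
        path = m.group("path")
        rd = ROAMING_DIR.match(path)
        if rd and rd.group("name") not in KNOWN_ROAMING:
            out.append(Finding("random_roaming_dir", path))
        if ROGUE_DATA.match(path):
            out.append(Finding("rogue_data_file", path))
        if ROGUE_MENU.search(path):
            out.append(Finding("rogue_start_menu", path))
    return out


def triage(text: str) -> list[Finding]:
    """Run per-line rules, then correlate: several odd Roaming dirs created in one second."""
    findings: list[Finding] = []
    created_at: dict[str, list[str]] = {}
    for line in text.splitlines():
        hits = triage_line(line)
        findings.extend(hits)
        m = FILE_LINE.match(line.strip())
        if m and m.group("kind") == "C" and any(h.rule == "random_roaming_dir" for h in hits):
            created_at.setdefault(m.group("ts"), []).append(m.group("path"))
    for ts, paths in created_at.items():
        if len(paths) > 1:
            findings.append(Finding("roaming_dirs_same_second", f"{ts}: {', '.join(paths)}"))
    return findings


def summary(text: str) -> Counter:
    """Number of findings per rule, handy for a quick first look at a log."""
    return Counter(f.rule for f in triage(text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

The per-line rules are deliberately simple string and regex tests; the correlation step is what turns two unremarkable folder names into a lead, since legitimate installers rarely drop several randomly named top-level folders into Roaming in the same second. Treat every hit as something to look at, not as proof of infection.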

