Various Trojans and Malware (Malwarebytes log + OTL logs)
Good morning everyone,
Two days ago I clicked on a link that a buddy had sent me via MSN. Since I chat with him quite actively, nothing seemed suspicious to me, and BAM, it had already happened.
Several viruses were found, and all attempts to get them off the system have been in vain so far, so I am once again turning trustingly to the pros~
Here are the Malwarebytes and OTL logs:
Quote:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 4043
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
28.04.2010 03:01:51
mbam-log-2010-04-28 (03-01-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 316526
Laufzeit: 55 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
Infizierte Speicherprozesse:
C:\Users\Public\winvns.exe (Trojan.Downloader) -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdsrvc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdsrvc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Public\winvns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Majora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JAO07OS\m[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Majora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HLGU76H\n[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\***\Installer\super_pi_mod-1.5\super_pi_mod.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Users\Majora\AppData\Local\Temp\Jbw.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.
Quote:
OTL logfile created on: 28.04.2010 03:07:36 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = D:\***\Installer
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 58,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 16 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 122,07 Gb Total Space | 49,04 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive D: | 343,69 Gb Total Space | 198,34 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WEIRD
Current User Name: Majora
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - D:\***\Installer\OTL.exe (OldTimer Tools)
PRC - C:\Users\Majora\AppData\Local\Temp\Jbw.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe (mpc-hc@Sourceforge)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Windows\SysWOW64\CLWatson.exe (CyberLink)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()
PRC - C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe ()
========== Modules (SafeList) ==========
MOD - D:\***\Installer\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys (Logitech Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech Inc.)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (truecrypt) -- C:\Windows\SysWOW64\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\SysWOW64\drivers\MTictwl.sys ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.12 14:02:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2009.12.02 02:18:09 | 000,000,000 | ---D | M] -- C:\Users\Majora\AppData\Roaming\mozilla\Extensions
[2009.12.02 02:17:59 | 000,000,000 | ---D | M] -- C:\Users\Majora\AppData\Roaming\mozilla\Extensions\MediaCoder
[2009.12.02 02:18:09 | 000,000,000 | ---D | M] -- C:\Users\Majora\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
O1 HOSTS File: ([2010.04.27 03:04:09 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13565 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [KBDriver] C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsUpdateManager] C:\Users\Public\winsvcn.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Spybot - Search & Destroy] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [SpybotDeletingA9351] File not found
O4 - HKLM..\RunOnce: [SpybotDeletingC4968] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingB4351] File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD6053] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Majora\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Majora\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fb7bfc85-5b2d-11de-a85d-0021856271d2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb7bfc85-5b2d-11de-a85d-0021856271d2}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.04.28 02:03:27 | 000,000,000 | ---D | C] -- C:\Users\Majora\AppData\Roaming\Malwarebytes
[2010.04.28 02:03:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.28 02:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.28 02:03:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.28 02:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.27 00:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.04.27 00:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.04.26 21:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.04.14 03:58:06 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.14 03:44:27 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.04.14 03:44:27 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.04.14 03:39:40 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010.04.14 03:39:39 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010.04.14 03:39:39 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010.04.14 03:39:39 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010.04.14 03:21:37 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.04.14 03:21:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.04.14 03:21:35 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.04.14 03:21:35 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.06 01:16:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.04.01 17:34:28 | 000,000,000 | ---D | C] -- C:\Users\Majora\AppData\Roaming\ApneaSoft
[2010.03.30 21:13:43 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.03.30 21:13:42 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.03.30 21:13:40 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.03.30 21:13:40 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.03.30 21:13:40 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.03.30 21:13:39 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.03.30 21:13:39 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.03.30 21:13:39 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010.03.30 21:13:39 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010.03.30 21:13:38 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010.03.30 21:13:38 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.28 03:08:33 | 006,029,312 | -HS- | M] () -- C:\Users\Majora\NTUSER.DAT
[2010.04.28 02:09:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.28 02:09:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.28 02:03:24 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.28 01:52:08 | 000,000,020 | ---- | M] () -- C:\Users\Majora\Documents\aionmemo_ 5242bb8.dat
[2010.04.27 17:19:27 | 000,000,276 | ---- | M] () -- C:\Windows\wininit.ini
[2010.04.27 16:50:50 | 000,195,584 | ---- | M] () -- C:\Windows\SysWow64\sshnas21.dll_old
[2010.04.27 14:15:42 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.27 14:15:42 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.27 14:15:42 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.27 14:15:42 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.27 14:15:42 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.27 14:09:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.27 14:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.27 04:18:00 | 000,524,288 | -HS- | M] () -- C:\Users\Majora\NTUSER.DAT{25e23249-0134-11df-aabc-001f3f057863}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 04:18:00 | 000,065,536 | -HS- | M] () -- C:\Users\Majora\NTUSER.DAT{25e23249-0134-11df-aabc-001f3f057863}.TM.blf
[2010.04.27 04:17:58 | 002,588,479 | -H-- | M] () -- C:\Users\Majora\AppData\Local\IconCache.db
[2010.04.27 03:59:24 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F75A382D-40A4-478E-BED1-A4E9C5B11C23}.job
[2010.04.27 03:04:09 | 000,392,729 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.04.27 00:20:25 | 000,001,097 | ---- | M] () -- C:\Users\Majora\Desktop\Spybot - Search & Destroy.lnk
[2010.04.26 21:17:43 | 000,002,561 | ---- | M] () -- C:\Users\Majora\Desktop\HiJackThis.lnk
[2010.04.26 19:47:05 | 000,160,256 | ---- | M] () -- C:\Windows\Jsiteb.exe
[2010.04.26 19:46:06 | 000,160,256 | ---- | M] () -- C:\Windows\Jsitea.exe
[2010.04.25 20:34:36 | 000,000,314 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.04.25 20:34:31 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\ApRadar 3.lnk
[2010.04.17 20:54:44 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.04.11 01:13:52 | 000,120,320 | ---- | M] () -- C:\Users\Majora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.06 14:47:49 | 000,000,782 | ---- | M] () -- C:\Users\Majora\Desktop\AOM.exe - Verknüpfung.lnk
[2010.04.01 01:19:52 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.28 02:03:24 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 16:50:50 | 000,195,584 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll_old
[2010.04.27 00:51:15 | 000,000,276 | ---- | C] () -- C:\Windows\wininit.ini
[2010.04.27 00:20:25 | 000,001,097 | ---- | C] () -- C:\Users\Majora\Desktop\Spybot - Search & Destroy.lnk
[2010.04.26 21:23:10 | 000,160,256 | ---- | C] () -- C:\Windows\Jsiteb.exe
[2010.04.26 21:17:09 | 000,002,561 | ---- | C] () -- C:\Users\Majora\Desktop\HiJackThis.lnk
[2010.04.26 19:46:09 | 000,160,256 | ---- | C] () -- C:\Windows\Jsitea.exe
[2010.04.06 14:47:49 | 000,000,782 | ---- | C] () -- C:\Users\Majora\Desktop\AOM.exe - Verknüpfung.lnk
[2010.03.19 17:08:28 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2010.03.19 17:08:27 | 000,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.03.19 17:08:27 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.09.24 11:54:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 11:53:58 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.21 21:17:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.17 13:09:34 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys
[2009.06.17 13:04:13 | 000,000,917 | ---- | C] () -- C:\Windows\SysWow64\CLWatson.ini
[2009.06.17 13:02:41 | 000,000,923 | ---- | C] () -- C:\Windows\TVNXPDrv.ini
[2008.09.19 03:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >
And no. 2:
Quote:
OTL Extras logfile created on: 28.04.2010 03:07:36 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = D:\Daniel's Zeuch\Installer
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 58,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 16 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 122,07 Gb Total Space | 49,04 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive D: | 343,69 Gb Total Space | 198,34 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WEIRD
Current User Name: Majora
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = E1 0B B4 13 DC 5B C8 01 [binary data]
"VistaSp2" = FD 93 F8 33 02 3D CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvns.exe" = C:\Users\Public\winvns.exe:*:Enabled:WinUpdSrvc -- File not found
"C:\Users\Public\winsvcn.exe" = C:\Users\Public\winsvcn.exe:*:Enabled:WindowsUpdateManager -- ()
"C:\Users\Public\winvns.exe" = C:\Users\Public\winvns.exe:*:Enabled:WinUpdSrvc -- File not found
"C:\Users\Public\winsvcn.exe" = C:\Users\Public\winsvcn.exe:*:Enabled:WindowsUpdateManager -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DB3F48-5FD2-456F-8FCA-927952CB1DD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{06E205A2-45B0-4493-AB51-17A01BA3FE36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{086169EB-CCE0-4EC8-9877-EC59DB13E341}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F74D4C8-FF86-4C91-9AD3-5857AF161CE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16BF1DF7-CB25-4B9F-BE65-1DFE026D36BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{182F42C5-B7FB-4217-8AB9-7B351165050E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18466191-6863-4EF2-BED3-03DBF27BC956}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{243F8DA4-08C0-4D21-877E-BD18EA222037}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{24EB4C8C-6E4B-4EBE-BA3D-643D69D24747}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2555F625-908D-46F4-82BF-3E334F2908B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2710BB6E-5385-4B24-A72C-D9261B2E4DF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B025EEF-21E2-4832-95BB-57FBC6DF87CC}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{2B5B8A88-4766-43CF-8E96-3C748B4F1402}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2BFA3ABF-0406-4460-BF1D-A332FE019194}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2C8E80C5-AD03-4EC0-9FA4-5462F148C689}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D931010-567D-4596-ACA8-D1817ECB00A4}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |
"{31ADE369-8E24-4291-B46F-60CA34EF565D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3757BFC6-B68F-4948-BCBC-2B99CDA381C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38B3ED63-6913-44AD-84AF-B20129F71825}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E35125D-106F-4A51-B912-F78F0EA078FE}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |
"{40BE8633-D36C-4220-9FC6-E1F3DEC4A45D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{437E54EF-E479-454B-8540-B5F7B31BBCC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{44DC3BE9-46EC-456B-927A-ED4FBC8ED925}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{491DB2DA-CCC7-4238-96AF-2C0E268F365A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4A158946-F694-46E5-A028-16F66D17BCDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B8F20D9-96DB-4A80-9188-DD5E96D8D522}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |
"{4C785D97-DFE6-430F-A253-3FABC777755F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4EDB3685-CC26-4381-BDEB-A4351230A615}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |
"{5094811E-BED7-45E3-9F17-3BD03A22DDD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EFD5C6D-11A2-4A25-9870-BFDFA848D260}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{67390ADD-C207-4DC3-9BFC-EACA0343C680}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6883AAB0-4853-443C-8381-13FC89B1CABC}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |
"{76D7C4A2-88E8-4D8A-8FF0-1860E842B753}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A09111D-CF9B-412F-AB6B-DD05EC3CDE65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FE65645-2D25-4839-A915-CE599C477F39}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{822ADBD3-C1FD-418E-B4FA-8BE63995771E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{86E0ED1E-4322-460F-B387-4665588A3824}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{8B36D49A-B719-4EA8-828F-1AEACCD2E241}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B47BAC0-EA43-4951-81B6-F6B162F989E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C58430C-A255-4595-8F6A-F73973D1571E}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |
"{8D9BAE0C-640B-410D-AE15-4BB5DA6FABB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91A46BDF-A9ED-4EA2-AE29-1E2E720F0C96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96BD0301-71E5-4613-9706-320070288724}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{971A69C1-AC44-4BC7-B80D-EC5783DC78B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A7BA15B-08CF-4908-A02F-1DF6B5A7AB47}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |
"{9C460DC0-0F7D-4587-97FF-0C1F6E10E9D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9EA63C96-A422-49E8-BBE1-8F1B7431BE50}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A03B2D05-BF8C-460B-AEF6-1786744B8AE0}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{A38E7F69-F643-4747-A730-54C0F6E444ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A4DA2972-716D-443D-9665-A6E721CB9E81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5CC6AA1-26BF-46E7-8288-686ADBC34987}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6DD6F12-F0F0-4D35-A9C3-F72703CF4766}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACE77F8E-9988-4560-8191-47E6F7DE2BD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1AEDDC9-A86F-4E86-812C-3CC11541F382}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5941608-73BA-4B1D-96E4-E2F41459F56F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8BC1C7D-34F6-4D11-AA4F-B2ECE14181B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B9DD6E74-CA58-4B8B-B811-A1F8C01332C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAA7C497-72C4-46F4-BCC4-75EEA711A742}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C021C89F-F16C-410D-879F-3378089E0515}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7A41BA8-D812-489F-8382-252EB8E47E48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7C819BE-4624-487C-9E55-3214DFAC881A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA966A2D-ABAF-4460-8D43-CF916E05EDC3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6C52B0D-8FEC-4A0D-AEE4-8E5F29493D86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D774D2E3-3F3A-4E5C-AAC4-3400C21468C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0F2FABC-E5EA-477D-8D8E-53D425554FF0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E132168E-B30E-422A-B390-3F363F357AC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC53097F-44FD-4FCA-AE95-AC5C5BA42C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF67EDDF-2504-4CAD-B485-2382A48CC6CD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F10DABF6-53AF-47A8-9A8B-8AB2FE48D737}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F40433C6-4BAA-4800-96E4-70F3970800AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F798F8BB-043F-49AF-A470-6849E526AE00}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |
"{F8AB1670-8455-453E-97FC-8903F2208D0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0F4E46A0-C388-4C4F-9B3C-5573167C9439}C:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{2A056548-64BC-4BE0-AC53-0DD3EC360DED}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{2A9CB398-8049-41FC-99CE-7762B256C0CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{50BA4F4D-567C-44F5-809A-539332E71F84}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{5B06DEB4-E576-4191-9AF3-AE954F57B13D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{6AF855D9-A462-45F8-A1D3-E20045369115}C:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{78C4AD62-69B3-45A5-B591-889EBC4D7094}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{A504D872-D64B-4CE3-BE0E-097311B9F7AC}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{D4C521AA-33B6-4EEE-A25E-0AF80C6D0380}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{EBAFF852-E068-4FDA-802D-34E0EF547313}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{17FF82FA-FA16-482D-AE68-F214E89BC914}C:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{1D52E1C2-F35E-4350-B4B2-7267DB07B2E3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{52A6350A-6EF2-4DAC-919E-EF4C70D2A990}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{59E12267-2E4E-4299-86B2-1E8BD9B3851F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{6EC29912-BFFE-4A1F-84AC-D1F5EDB7C2DB}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{7BDBC1E6-656C-4320-AF9A-6B3010FF11E1}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{93D2C9E5-E9E2-455E-96CC-91C10D7C92D0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{9E501FD5-22BB-4713-A141-4114CD21C6A1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{EA07223B-2F4F-4462-B9F2-36DE04B6D04F}C:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\final fantasy xi\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{FE15C0EB-81D4-4EFF-81BC-3149E8EE8BD2}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{88EB92AB-ABD3-E13C-3AEE-B7518354B55A}" = ATI Catalyst Install Manager
"{8AB5E15C-BDCB-7A93-9DBF-19C2DF39D0C7}" = ccc-utility64
"{900A29A0-52BA-4a78-8E6C-5F4F821397CE}" = Canon MF4010-Serie
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProgDVB" = ProgDVB
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D1B03D-367A-4DA8-B8C5-E6210595DC5C}" = MSI TV@nywhere Satellite Pro Utilities
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Wings of the Goddess
"{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3EA5D881-A648-B489-F113-3A7D99EC936F}" = Catalyst Control Center InstallProxy
"{3FE799B6-6493-AD47-A5FA-F3FE144C7EF0}" = Catalyst Control Center HydraVision Full
"{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D21905A-5DB7-2F4C-4E97-80F352D2C3A9}" = Catalyst Control Center Graphics Previews Vista
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8214D5AF-8BA8-3551-A859-5EBDBD30D2FA}" = Catalyst Control Center Core Implementation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85693740-CB33-8E46-D05A-22EEAC2C14C3}" = Catalyst Control Center Graphics Full New
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A0D9C6B-ACB8-738E-2D1A-B437E2CF36B6}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"{A631DEC9-B966-4376-BF94-2D5582E537EB}" = Aion
"{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B471481F-8743-85EF-B551-45ED91BEEE76}" = Catalyst Control Center Graphics Previews Common
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C874DC88-F5E2-D566-2880-22A2FDA0C69C}" = CCC Help English
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DD9AA626-0FB1-43D6-90FE-BF906F7B6FBF}" = Multimedia Keyboard Driver 1.0
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E96A2C11-1139-7A34-C529-4D21832A34F6}" = Catalyst Control Center Graphics Light
"{EB2340D4-21DF-54B3-4C52-6C4F4B19F46D}" = ccc-core-static
"{ED90F5E3-960A-4BED-B1EF-777D6E4E080F}_is1" = ApRadar 3.0.0.37 Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"HaaliMkx" = Haali Media Splitter
"InstallShield_{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Die Flügel der Göttin
"InstallShield_{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"InstallShield_{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"InstallShield_{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mp3tag" = Mp3tag v2.45d
"MSI Live Update 3" = MSI Live Update 3
"SysInfo" = Creative Systeminformationen
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"TuneUp Utilities" = TuneUp Utilities
"TVNXPDrv" = MSI TV@nywhere Satellite Pro BDA Driver
"Wakan" = Wakan 1.67
"Winamp" = Winamp
"WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.04.2010 17:47:17 | Computer Name = weird | Source = VSS | ID = 12289
Description =
Error - 26.04.2010 17:47:22 | Computer Name = weird | Source = VSS | ID = 12289
Description =
Error - 26.04.2010 17:47:22 | Computer Name = weird | Source = VSS | ID = 12289
Description =
Error - 26.04.2010 19:15:10 | Computer Name = weird | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung trillian.exe, Version 4.1.0.24, Zeitstempel
0x4b72f4b1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x6d617267, Prozess-ID 0xd34, Anwendungsstartzeit
01cae577137634b9.
Error - 26.04.2010 19:19:34 | Computer Name = weird | Source = WinMgmt | ID = 10
Description =
Error - 27.04.2010 08:09:36 | Computer Name = weird | Source = WinMgmt | ID = 10
Description =
Error - 27.04.2010 10:50:51 | Computer Name = weird | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Jbv.exe, Version 2.1.0.43, Zeitstempel 0x4ba3a52d,
fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18005, Zeitstempel 0x49e0379e,
Ausnahmecode 0xc0000005, Fehleroffset 0x00013bc6, Prozess-ID 0x11f0, Anwendungsstartzeit
01cae619071049c9.
Error - 27.04.2010 11:50:42 | Computer Name = weird | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Jby.exe, Version 2.1.0.43, Zeitstempel 0x4ba3a52d,
fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18005, Zeitstempel 0x49e0379e,
Ausnahmecode 0xc0000005, Fehleroffset 0x00013bc6, Prozess-ID 0x10bc, Anwendungsstartzeit
01cae62163a38059.
Error - 27.04.2010 12:15:50 | Computer Name = weird | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Jb0.exe, Version 2.1.0.43, Zeitstempel 0x4ba3a52d,
fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18005, Zeitstempel 0x49e0379e,
Ausnahmecode 0xc0000005, Fehleroffset 0x00013bc6, Prozess-ID 0x137c, Anwendungsstartzeit
01cae624e6866669.
Error - 27.04.2010 13:01:15 | Computer Name = weird | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winsvcn.exe, Version 0.0.0.0, Zeitstempel 0x4bd58825,
fehlerhaftes Modul WS2_32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a798,
Ausnahmecode 0xc0000005, Fehleroffset 0x00016342, Prozess-ID 0xf0c, Anwendungsstartzeit
01cae602d973a139.
[ System Events ]
Error - 26.09.2009 05:22:02 | Computer Name = weird | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\MTictwl.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 26.09.2009 05:23:50 | Computer Name = weird | Source = Service Control Manager | ID = 7026
Description =
Error - 26.09.2009 12:51:28 | Computer Name = weird | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\MTictwl.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 26.09.2009 12:51:59 | Computer Name = weird | Source = Service Control Manager | ID = 7026
Description =
Error - 26.09.2009 14:40:42 | Computer Name = weird | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
001F3F057863 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 27.09.2009 06:00:44 | Computer Name = weird | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\MTictwl.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 27.09.2009 06:01:18 | Computer Name = weird | Source = Service Control Manager | ID = 7026
Description =
Error - 28.09.2009 06:26:03 | Computer Name = weird | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\MTictwl.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.09.2009 06:26:31 | Computer Name = weird | Source = Service Control Manager | ID = 7026
Description =
Error - 29.09.2009 06:49:35 | Computer Name = weird | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\MTictwl.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
< End of report >
Thanks in advance for your efforts.
Kind regards, Majora ('-')/
P.S.: Could someone maybe also explain to me, on the side, what all these links in O1 are? I don't recognize a single one of them, and they seem pretty suspicious to me.