Kiyamaro | 23.12.2010 18:00 | Keylogger in the system / check logs

Hello!

Apparently I have been infected by a keylogger or some kind of hijack software. I noticed it after my World of Warcraft account was plundered. As a rule, that happens when you have caught a keylogger. Right after that I looked for a random tool to search for infections, since my AVG obviously did not notice the infections. I downloaded "Spyware Doctor", and it immediately found and removed several threats. Now, of course, I don't know whether I am really rid of everything, so I followed the steps in the FAQ and hope that I can be helped this way. Just to say up front: I have NO idea about keyloggers or hijack software, so I really have to do everything step by step (but the process in the FAQ was well explained).

Unfortunately I don't know how to put the logs into scroll boxes, so for now you will have to put up with the horribly long post, sorry! But maybe someone can tell me how to do that! :)

So here are my logs:

MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5383
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
23.12.2010 15:42:48
mbam-log-2010-12-23 (15-42-48).txt
Scan type: Quick scan
Objects scanned: 135685
Time elapsed: 4 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

defogger_disable.log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:43 on 23/12/2010 (EvilTwin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL log:
OTL logfile created on: 23.12.2010 17:15:12 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 33,49 Gb Free Space | 28,76% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 45,66 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 62,83 Gb Free Space | 53,95% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 57,21 Gb Free Space | 49,13% Space Free | Partition Type: NTFS
Computer Name: EVILTWIN-PC | User Name: EvilTwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.12.23 15:06:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.11.11 00:40:24 | 000,421,160 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunesHelper.exe
PRC - [2010.11.10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.11.10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.10.27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2010.10.27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2010.10.22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2010.10.22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2010.10.22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2010.10.22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.08.15 13:03:40 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.15 10:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.15 10:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.07.09 16:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Programme\P4G\BatteryLife.exe
PRC - [2008.06.24 18:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Media\DMedia.exe
PRC - [2008.06.23 19:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.19 11:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Programme\ASUS\ASUS CopyProtect\ASPG.exe
PRC - [2008.06.17 21:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Programme\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.13 06:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.03 16:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Programme\ASUS\Splendid\ACMON.exe
PRC - [2008.04.10 10:32:18 | 001,796,648 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.04.10 10:32:18 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.23 09:51:28 | 000,151,552 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.11 21:40:10 | 000,098,304 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.04 18:48:06 | 000,106,496 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2007.08.15 10:20:16 | 000,106,496 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () -- C:\Programme\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 11:24:54 | 000,125,496 | ---- | M] () -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.05 15:53:44 | 001,040,384 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe
PRC - [2005.07.06 14:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
========== Modules (SafeList) ==========
MOD - [2010.12.23 15:06:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.09.20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008.08.28 04:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008.04.10 10:31:36 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll
MOD - [2008.01.21 03:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 03:25:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008.01.21 03:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.01.21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008.01.21 03:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.11.19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010.11.10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.15 14:45:34 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 11:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\I386\AsProcOb.sys -- (ASUSProcObsrv)
DRV - [2010.11.25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.11.09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010.09.13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010.09.07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010.09.07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.09.07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010.08.19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010.08.19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010.08.19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010.07.16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010.07.16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.05.28 21:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.07.03 09:30:14 | 000,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.06.17 09:49:52 | 002,153,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.03 07:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 09:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.05.07 10:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.03.17 01:42:22 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.03.17 01:42:20 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008.03.17 01:42:16 | 000,017,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008.02.15 16:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.02.05 08:52:24 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2008.01.31 12:18:58 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2008.01.29 03:46:58 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.18 16:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.09.06 09:43:50 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007.08.03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 10:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.16 20:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010.11.24 15:36:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.23 14:45:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 13:41:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.09 13:23:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010.11.09 13:23:34 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Extensions
[2010.11.09 13:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.22 16:38:33 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Firefox\Profiles\tkgtrp6p.default\extensions
[2010.08.23 12:57:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Firefox\Profiles\tkgtrp6p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.11 12:41:11 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Firefox\Profiles\tkgtrp6p.default\extensions\firebug@software.joehewitt.com
[2010.12.22 16:38:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.09 16:42:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.27 18:25:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.29 10:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Miranda Fusion] F:\MirandaFusion\mfstart.exe (Miranda Fusion Team)
O4 - Startup: C:\Users\EvilTwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Sebis Dateien\Wallpaper\1235867722328.jpg
O24 - Desktop BackupWallPaper: D:\Sebis Dateien\Wallpaper\1235867722328.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{31824e6b-a863-11df-833e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{31824e6b-a863-11df-833e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
O33 - MountPoints2\{59d0a038-a854-11df-a11e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{59d0a038-a854-11df-a11e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.12.23 15:37:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.23 15:34:42 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\Desktop\Gmer
[2010.12.23 15:07:22 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\AppData\Roaming\Malwarebytes
[2010.12.23 15:07:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 15:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 15:06:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.23 14:21:14 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010.12.23 14:21:14 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010.12.23 14:21:12 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.12.23 14:21:12 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.12.23 14:20:56 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.12.23 14:20:56 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.12.23 14:20:41 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.12.23 14:20:29 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\AppData\Roaming\PC Tools
[2010.12.23 14:20:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.12.23 14:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.23 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.12.19 23:46:32 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\Desktop\critb.weed
[2010.12.18 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\Desktop\Songbook Blink 182
[2010.12.17 16:23:21 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\AppData\Roaming\ID3-TagIT 3
[2010.12.17 16:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ID3-TagIT 3
[2010.11.28 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.11.28 17:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.11.28 14:51:45 | 000,000,000 | ---D | C] -- C:\Programme\World of Warcraft
[2010.08.15 12:24:34 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
========== Files - Modified Within 30 Days ==========
[2010.12.23 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.12.23 15:43:48 | 000,000,000 | ---- | M] () -- C:\Users\EvilTwin\defogger_reenable
[2010.12.23 15:35:28 | 000,000,713 | ---- | M] () -- C:\Users\EvilTwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.23 15:35:16 | 000,000,556 | ---- | M] () -- C:\Users\EvilTwin\Desktop\ERUNT.lnk
[2010.12.23 15:30:20 | 000,483,935 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.23 15:30:20 | 000,483,935 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.23 15:30:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.23 15:29:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 15:29:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 15:29:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.23 15:29:00 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.23 15:27:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.23 15:07:04 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 15:05:55 | 000,050,477 | ---- | M] () -- C:\Users\EvilTwin\Desktop\defogger.exe
[2010.12.23 15:05:38 | 000,472,152 | ---- | M] () -- C:\Users\EvilTwin\Desktop\Load.exe
[2010.12.23 14:58:51 | 000,002,367 | ---- | M] () -- C:\Users\EvilTwin\Desktop\HiJackThis.lnk
[2010.12.23 14:56:55 | 001,402,880 | ---- | M] () -- C:\Users\EvilTwin\Desktop\HiJackThis.msi
[2010.12.23 14:22:37 | 001,783,266 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.23 14:20:53 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.12.23 14:19:07 | 000,512,992 | ---- | M] () -- C:\Users\EvilTwin\Desktop\sdsetup.exe
[2010.12.23 14:07:24 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.12.22 17:08:07 | 000,083,456 | ---- | M] () -- C:\Users\EvilTwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.22 13:10:49 | 102,345,073 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 01:08:00 | 000,720,444 | ---- | M] () -- C:\Users\EvilTwin\Desktop\Public Enemies.m4r
[2010.12.13 20:37:49 | 002,105,332 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.13 20:37:49 | 001,052,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.13 20:37:49 | 000,609,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.13 20:37:49 | 000,542,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.28 14:59:01 | 000,012,896 | ---- | M] () -- C:\Users\EvilTwin\Desktop\Schulden.ods
[2010.11.25 10:53:58 | 000,160,448 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.11.25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.11.25 10:42:10 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.11.24 15:36:36 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
========== Files Created - No Company Name ==========
[2010.12.23 15:43:48 | 000,000,000 | ---- | C] () -- C:\Users\EvilTwin\defogger_reenable
[2010.12.23 15:35:28 | 000,000,713 | ---- | C] () -- C:\Users\EvilTwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.23 15:35:16 | 000,000,556 | ---- | C] () -- C:\Users\EvilTwin\Desktop\ERUNT.lnk
[2010.12.23 15:07:04 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 15:05:55 | 000,050,477 | ---- | C] () -- C:\Users\EvilTwin\Desktop\defogger.exe
[2010.12.23 15:05:34 | 000,472,152 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Load.exe
[2010.12.23 14:58:07 | 000,002,367 | ---- | C] () -- C:\Users\EvilTwin\Desktop\HiJackThis.lnk
[2010.12.23 14:56:51 | 001,402,880 | ---- | C] () -- C:\Users\EvilTwin\Desktop\HiJackThis.msi
[2010.12.23 14:22:11 | 001,783,266 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.23 14:20:53 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.12.23 14:18:51 | 000,512,992 | ---- | C] () -- C:\Users\EvilTwin\Desktop\sdsetup.exe
[2010.12.21 17:24:46 | 184,185,990 | ---- | C] () -- C:\Users\EvilTwin\Desktop\himym-satws-s01e03.avi
[2010.12.21 16:19:40 | 182,558,488 | ---- | C] () -- C:\Users\EvilTwin\Desktop\himym-satws-s01e02.avi
[2010.12.21 16:19:27 | 184,390,206 | ---- | C] () -- C:\Users\EvilTwin\Desktop\himym-satws-s01e01.avi
[2010.12.19 23:54:06 | 408,916,770 | ---- | C] () -- C:\Users\EvilTwin\Desktop\going_downtown_big.wmv
[2010.12.19 20:55:53 | 728,801,280 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Stand.By.Me.avi
[2010.12.17 01:07:58 | 000,720,444 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Public Enemies.m4r
[2010.12.12 21:25:07 | 576,903,168 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Stargate.SG-1.-.3x15.-.Die.Tollan.Triade.(DVDRip.XviD.1.2.AC3.german.MP3.english).avi
[2010.11.28 20:24:41 | 419,416,064 | ---- | C] () -- C:\Users\EvilTwin\Desktop\tvr-shield-s03e07-wsdvdrip.avi
[2010.11.28 16:04:06 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.11.24 15:36:36 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010.08.16 16:10:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.16 16:10:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.08.16 13:25:51 | 000,083,456 | ---- | C] () -- C:\Users\EvilTwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 14:53:00 | 000,000,023 | ---- | C] () -- C:\Windows\System32\ChkMail.ini
[2010.08.15 14:52:52 | 000,483,935 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.08.15 14:52:46 | 000,483,935 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.08.15 13:14:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010.08.15 12:37:48 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2010.08.15 12:07:50 | 000,000,680 | ---- | C] () -- C:\Users\EvilTwin\AppData\Local\d3d9caps.dat
[2008.07.01 18:28:38 | 000,061,440 | ---- | C] () -- C:\Programme\Common Files\CPInstallAction.dll
[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Programme\Common Files\banner.jpg
[2007.06.12 09:34:50 | 000,035,822 | ---- | C] () -- C:\Programme\Common Files\ASPG_icon.ico
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.04.03 00:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.05.06 05:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
========== LOP Check ==========
[2010.11.12 17:57:17 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\AVG10
[2010.10.25 12:08:00 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\gtk-2.0
[2010.12.19 17:50:07 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\ICQ
[2010.12.17 16:25:41 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\ID3-TagIT 3
[2010.09.17 12:57:31 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\ImgBurn
[2010.08.16 17:24:41 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\IrfanView
[2010.11.15 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\Miranda Fusion
[2010.08.27 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\OpenOffice.org
[2010.09.07 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\TeamViewer
[2010.11.09 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\Thunderbird
[2010.08.15 14:45:34 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\TuneUp Software
[2010.12.23 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.12.23 15:27:28 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008.08.25 10:37:36 | 000,000,041 | ---- | M] () -- C:\app3_DVD.LOG
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010.08.15 12:02:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.04.04 20:01:54 | 000,000,019 | ---- | M] () -- C:\CA21.txt
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.09.21 09:06:38 | 000,024,165 | ---- | M] () -- C:\devlist.txt
[2008.09.21 09:06:31 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2010.12.23 15:29:00 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.10 18:20:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.07.22 13:25:29 | 001,048,576 | RH-- | M] () -- C:\M70V.BIN
[2008.08.01 13:31:07 | 000,000,014 | ---- | M] () -- C:\M70VM_M70VR_M70VN_VISTA.20
[2008.07.17 12:36:45 | 001,048,576 | RH-- | M] () -- C:\M70Vn.BIN
[2010.05.10 18:20:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.08.08 08:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
[2008.07.04 05:35:34 | 000,000,021 | ---- | M] () -- C:\NIS2008.TXT
[2007.03.16 00:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_A.TXT
[2010.12.23 15:29:00 | 3533,877,248 | -HS- | M] () -- C:\pagefile.sys
[2008.09.20 19:58:08 | 000,000,105 | ---- | M] () -- C:\Pass.txt
[2008.07.24 10:05:52 | 000,002,386 | ---- | M] () -- C:\Patch.LOG
[2008.04.29 15:30:15 | 000,000,020 | ---- | M] () -- C:\READER_A.TXT
[2008.08.01 13:31:07 | 000,000,021 | ---- | M] () -- C:\RECOVERY.DAT
[2010.08.15 12:32:55 | 000,000,560 | ---- | M] () -- C:\RHDSetup.log
[2010.08.15 13:04:20 | 000,000,159 | ---- | M] () -- C:\setup.log
[2006.05.16 01:22:24 | 000,000,005 | ---- | M] () -- C:\store.log
[2008.09.21 07:44:39 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
[2008.09.21 07:43:42 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
[2008.07.31 23:40:18 | 000,000,021 | ---- | M] () -- C:\V552.txt
[2010.07.05 14:20:54 | 000,088,813 | ---- | M] () -- C:\wubildr
[2010.07.05 14:20:54 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-15 12:43:37
========== Alternate Data Streams ==========
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Extras-Log (OTL Logfile):
OTL Extras logfile created on: 23.12.2010 17:15:12 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 33,49 Gb Free Space | 28,76% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 45,66 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 62,83 Gb Free Space | 53,95% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 57,21 Gb Free Space | 49,13% Space Free | Partition Type: NTFS
Computer Name: EVILTWIN-PC | User Name: EvilTwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "D:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E8CD78-CF3B-450C-B6E1-A93DF2DF2519}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24B1F0FF-766B-4BE2-80C4-76F9561F8F53}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D14631C-7431-4237-A71D-8526CE4C248F}" = rport=137 | protocol=17 | dir=out | app=system |
"{596F1518-FCE6-488A-8049-8CAC640CF979}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BFDCE27-A004-4195-B145-FA25411A6C85}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{851437C5-76C4-4335-8B69-5482CE081B7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{8F73C3A9-DFF0-4CD2-82AF-102FD98EFF0C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98710CCB-A1A6-4D3B-AC9A-6A375DBFED12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9B0CCCC0-9D5C-4DB9-B484-8E4CBF207751}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BE8A54D-AF6B-4A7F-AF26-4AEE29D2C318}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A230C05A-98E6-44DA-BCBF-85EF38CB5B51}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A65346AD-F33C-45DF-B30A-5FFF2079F931}" = rport=139 | protocol=6 | dir=out | app=system |
"{ADE15EC2-5F9D-4B31-ADE2-E97152C52187}" = lport=138 | protocol=17 | dir=in | app=system |
"{B376A5EA-8BD4-4AB7-AEE2-6B703027A1BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B742DA63-AE87-43E6-BD8A-C5509CE94581}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{C2192BFA-6142-450E-97EB-BD21D6A6C5E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF5756A2-E813-4274-B5B0-F0EEFE84C0EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3AE72D3-3B2E-4D40-BF25-7931161DF498}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF9BE7B0-1402-48A8-B192-1228F7CB1B0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BEC0A4F-5891-4F46-B1FB-559CD23C897D}" = protocol=17 | dir=in | app=f:\starcraft ii\starcraft ii.exe |
"{0E557C90-D882-4413-81AD-5D49FB1390E1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1186FAD9-8757-41AF-AD39-C55F256E2426}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base16939\sc2.exe |
"{14DC7133-24A4-42DF-95A1-94686CE6CE82}" = protocol=17 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{16D44434-0587-4A3E-908D-6301450DF3E9}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{17659E5F-3955-4714-9F9F-6892E6C07DA0}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base16755\sc2.exe |
"{359DAC7E-A0BB-4DBC-A8A3-24AC353599CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36965403-1F05-4D89-AFC0-35BA225E8A34}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base15405\sc2.exe |
"{36979C02-60C7-4307-A23D-A33FDEE52EB4}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base16561\sc2.exe |
"{3901410D-49E4-4AF5-92AC-094DFC35A469}" = protocol=17 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{3A02538F-2A9C-45A8-A26F-FB0AE9859F4E}" = protocol=6 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{49BB944E-0E36-4197-B30B-C907F5490194}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E5DDEE4-F339-4558-927A-03AE92BA5A05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F79C2FC-3CDA-42D5-B0AB-6C323B179756}" = protocol=17 | dir=in | app=f:\mirandafusion\miranda32.exe |
"{5A1F4D11-94B9-4E8A-8F8B-26A20F8A92CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{5CFA6BC4-4A22-41F3-9758-1C26ED54F48E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5E9B600D-BE78-4BA9-B307-0C8D0CBD0450}" = protocol=6 | dir=in | app=f:\mirandafusion\miranda32.exe |
"{5EC9DA4A-3546-4876-8A92-AAF0AF472119}" = protocol=17 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{5F371AF4-4F4C-4F9E-ABC7-DE12717564DF}" = protocol=6 | dir=in | app=f:\world of warcraft\blizzard downloader.exe |
"{605C2974-868D-4CF0-B2F2-19C9641A9BCB}" = protocol=6 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{62E4E530-56FB-4611-9CBC-5830BF959B3C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6ACE0E05-C891-4900-8C2C-D38FF23882D6}" = protocol=17 | dir=in | app=f:\world of warcraft\blizzard downloader.exe |
"{6E95307A-7A05-44B1-BEDB-CA2CC5F6414F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DF2523F-8438-4B7E-9DCA-2DBF5A48D7B0}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base16755\sc2.exe |
"{7E5615EA-D19B-46DB-906C-F57BF83ED872}" = protocol=6 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{8350A28C-CCBD-44E5-91A1-40B25C2123C9}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.patch.exe |
"{836FC63E-F3A4-4762-A3F0-A74F9890C039}" = protocol=6 | dir=in | app=f:\starcraft ii\starcraft ii.exe |
"{84F6A2EE-6750-4E7F-85C4-1825D40ACC50}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{84FA17D1-282D-4189-A856-EB01AA0FC8A7}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base16939\sc2.exe |
"{8C278D56-E5CA-42C6-8FA5-60BA2725E22F}" = protocol=6 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{9BEB14BE-D3D0-4192-8FE5-B7206431DECE}" = protocol=6 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{9EADF9D2-5CDB-401C-891B-64015B9CA3C4}" = protocol=17 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{A44602A0-AD83-4F26-99F8-F6B256068881}" = dir=in | app=d:\program files\itunes.exe |
"{A9D44C79-AE22-4036-80CA-7F76A4973400}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ACDCD13A-F0A9-434D-8566-2D13B5BE7372}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe |
"{B63225CE-4C49-49C2-A9BA-8D7A90D35D3E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B9088C31-A953-424C-AD42-20D5E6130585}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BD4660BD-239A-4C32-AA10-20F2E4995781}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C839B2C5-556B-45DE-A8B5-54677E316238}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C9DA05C2-136B-4F9A-B525-784680BB9634}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D1E3EB05-4317-4B2A-A605-1FF71496E65A}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.patch.exe |
"{D719C94C-3AD2-4676-A120-7319A988ABA4}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base15405\sc2.exe |
"{E03DD120-EFE8-4F9E-B646-C6571E55123A}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe |
"{E907C19B-D5A4-49E6-B4C7-99738DE042F2}" = protocol=17 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{E96F37F9-3A79-49BB-8F65-331F3E3D7C6D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F16BF2E6-6F36-4523-9369-E78595FFC7B2}" = protocol=6 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{F7B93EFB-F8C9-4FAB-B3EF-A2DE0AEEB8BB}" = protocol=17 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{F7E082A9-9F43-44CB-84CB-F75DB4B389F1}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base16561\sc2.exe |
"{F9AE67D5-6063-4F57-B9B9-816DAC549B23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{07D8E973-7258-4224-8E45-1E3F1CD5AF9B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{9FF3F87C-D355-48B5-B3B1-B65DE606088C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3D1D27D9-6EF4-4145-AD12-BE6A7DB49254}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9E386B28-18E8-4254-AF9C-2BB4CC36C44B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"AVG" = AVG 2011
"ERUNT_is1" = ERUNT 1.1j
"ID3-TagIT 3_is1" = ID3-TagIT 3
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MirandaFusion" = Miranda Fusion 2.1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.1.2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.12.2010 10:27:19 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:27:19 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
Error - 23.12.2010 10:30:28 | Computer Name = EvilTwin-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.12.2010 10:51:44 | Computer Name = EvilTwin-PC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7, faulting module gmer.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7, exception code 0xc0000005, fault offset 0x0000c551, process ID 0x954, application start time 01cba2b0c0ba1182.
[ System Events ]
Error - 19.11.2010 07:15:07 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016
Description =
Error - 19.11.2010 14:51:18 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016
Description =
Error - 20.11.2010 14:06:55 | Computer Name = EvilTwin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:49:03 on 19.11.2010 was unexpected.
Error - 20.11.2010 14:06:57 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016
Description =
Error - 20.11.2010 22:42:41 | Computer Name = EvilTwin-PC | Source = DCOM | ID = 10010
Description =
Error - 21.11.2010 09:20:38 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016
Description =
Error - 21.11.2010 16:22:17 | Computer Name = EvilTwin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:20:27 on 21.11.2010 was unexpected.
Error - 21.11.2010 16:22:18 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016
Description =
Error - 21.11.2010 16:36:04 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016
Description =
Error - 22.11.2010 11:04:35 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016
Description =
< End of report >
The Defogger log looks a bit short to me, did I do everything right there? I hope I have covered everything that is needed to solve the problem. Thanks in advance!
Regards
Kiyamaro
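As an added example (not part of Kiyamaro's post and not OTL's own code), here is a small Python triage of the Security Center, firewall-profile and FirewallRules lines from the log above, the kind of pass a helper does by eye before answering. The trusted-directory list and the LAN-only port set are assumptions for the example, and every finding is a line to look at, not a verdict: the StarCraft II rule is hit only because the game lives in f:\starcraft ii rather than a Program Files folder, and the 139/445 inbound rules with app=system are Vista's File and Printer Sharing rules, which matter only if the laptop is used on untrusted networks. The sample input is an excerpt of the rule and setting lines from the log.

```python
"""Triage of OTL 'Security Center Settings', 'Firewall Settings' and
'Active Exception List' lines.

Added example, not part of the original post and not OTL's own code.
The heuristics below are assumptions for the example; they queue lines
for a human to look at rather than decide whether anything is malicious.
"""
import re

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Assumed: locations from which an inbound-allowed binary is unremarkable.
TRUSTED_APP_PREFIXES = (
    "system",                      # OTL prints app=system for kernel rules
    "%systemroot%\\system32\\",
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "d:\\program files\\",
    "f:\\program files\\",
)
# Assumed: ports that should only ever be reachable from the local LAN.
LAN_ONLY_PORTS = {"135", "137", "138", "139", "445", "rpc", "rpc-epmap"}
PROTOCOLS = {"1": "icmpv4", "6": "tcp", "17": "udp", "58": "icmpv6"}


def parse_rule(line):
    """Parse one '"<name>" = k=v | k=v |' rule line into (name, fields).

    Returns None for lines that are not rule lines. Values are lower-cased
    because the firewall matches paths case-insensitively anyway.
    """
    m = VALUE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("value").split("|"):
        part = part.strip()
        if "=" in part:
            k, v = part.split("=", 1)
            fields[k.strip().lower()] = v.strip().lower()
    return m.group("name"), fields


def check_rule(name, fields):
    """Findings for a single firewall rule; only inbound rules are interesting."""
    findings = []
    if fields.get("dir") != "in":
        return findings
    proto = PROTOCOLS.get(fields.get("protocol", ""), fields.get("protocol", "any"))
    lport = fields.get("lport", "")
    app = fields.get("app", "")
    if lport in LAN_ONLY_PORTS:
        findings.append(("lan_port_open_inbound", name, f"{proto}/{lport}"))
    if name.startswith(("TCP Query User", "UDP Query User")):
        # Windows names a rule this way when someone clicked "Allow" on a prompt.
        findings.append(("user_prompt_allow", name, app))
    if app and not app.startswith(TRUSTED_APP_PREFIXES):
        findings.append(("inbound_app_outside_program_dirs", name, app))
    return findings


def check_setting(key, name, value):
    """Findings for a registry value under Security Center / FirewallPolicy keys."""
    k = key.lower()
    if "\\security center" in k:
        if name == "DisableMonitoring" and value == "1":
            return [("wsc_monitoring_disabled", key, f"{name} = {value}")]
        if name.endswith(("Override", "DisableNotify")) and value == "1":
            return [("wsc_suppressed", key, f"{name} = {value}")]
    if "\\firewallpolicy\\" in k and name == "EnableFirewall" and value == "0":
        return [("firewall_profile_off", key, f"{name} = {value}")]
    return []


def triage(lines):
    """Walk OTL section lines, tracking the current registry key, in log order."""
    findings = []
    key = ""
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key.lower().endswith("\\firewallrules"):
            parsed = parse_rule(line)
            if parsed:
                findings.extend(check_rule(*parsed))
            continue
        m = VALUE_RE.match(line)
        if m:
            findings.extend(check_setting(key, m.group("name"), m.group("value").strip()))
    return findings


# Excerpt of the setting and rule lines from the log above, used as input.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{851437C5-76C4-4335-8B69-5482CE081B7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{0BEC0A4F-5891-4F46-B1FB-559CD23C897D}" = protocol=17 | dir=in | app=f:\starcraft ii\starcraft ii.exe |
"{0E557C90-D882-4413-81AD-5D49FB1390E1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C2192BFA-6142-450E-97EB-BD21D6A6C5E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{E3AE72D3-3B2E-4D40-BF25-7931161DF498}" = rport=445 | protocol=6 | dir=out | app=system |
"TCP Query User{07D8E973-7258-4224-8E45-1E3F1CD5AF9B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
""".splitlines()

if __name__ == "__main__":
    for code, subject, detail in triage(SAMPLE_LOG):
        print(f"{code:34} {subject}  {detail}")
```

Run as a script it prints one line per finding. On the excerpt it flags the DisableMonitoring = 1 value under the Monitoring key (Security Center has been told to stop watching those products; a frequent leftover of an earlier Symantec install, but worth confirming), the two inbound SMB/NetBIOS rules, the game binary outside the Program Files folders, and the javaw.exe rule that was created from a firewall prompt. To use it on a full OTL report, feed it the lines between the "Security Center Settings" and "Uninstall List" headers.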