Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Renos.jm über FireFox eingefangen - richtig entfernt? (https://www.trojaner-board.de/80916-renos-jm-firefox-eingefangen-richtig-entfernt.html)

nattfoedd 28.12.2009 14:39
Renos.jm über FireFox eingefangen - richtig entfernt?
 
Hallo zusammen!

Euer Board hat mir mit meinem Problem denke ich schon recht weit geholfen.
Um wirklich sicher zu gehen, würde ich aber gerne die entsprechenden Logs nochmal durchsehen lassen.

Mein System:
Windows Vista Business 64 Service Pack 1 [dachte ich hätte SP2 drauf, aber anscheinend hab ich das verschlafen]
AV Antivir Personal
(Xeon W3520, Gigabyte UD5, 6GB DDR3 RAM, GTS250 - dürfte aber wohl unerheblich sein, in diesem Fall)

Mein Problem:
Gestern Abend gelangte über den Aufruf einer Seite im FireFox ein Trojaner der Art Renos.jm auf mein System. Wie und warum, kann ich mir selbst nicht erklären - auf jeden Fall schlug der WindowsDefender an, AntiVir dagegen gab keine Meldung von sich. Ich ging zunächst davon aus, daß sich das Problem also nun erledigt hat, jedoch wurde ich nun im Folgenden immer wieder auf Microsofts Searchengine Bing weitergeleitet. Nach dem Systemstart heute morgen, tauchte anschließend eine Fehlermeldung bzgl. einer fehlenden Datei [sshnas.dll] auf, nach kurzer Recherche ergab sich, daß diese mit LosAlamos bzw. AddAtom in Verbindung steht. Ich deaktivierte daraufhin die entsprechenden Systemstart Einträge in der MSConfig.

Weitere Schritte waren:

Antivir-Systemprüfung
Ergebnis:http://bildupload.sro.at/a/thumbs/antivir_ergebnis.jpg

CCleaner
Cleaner, als auch Registry Durchlauf
Neustart

Malwarebytes' Anti-Malware
Durchlauf - mit 11 gefundenen infizierten Dateien:
Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3443
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28.12.2009 12:09:07
mbam-log-2009-12-28 (12-08-59).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 468511
Laufzeit: 37 minute(s), 11 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
C:\Users\Clemens\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> No action

taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j8rpltrobq (Trojan.Dropper) -> No

action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChang

es (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Clemens\AppData\Local\Temp\a.exe (Trojan.Downloader) -> No action taken.
C:\Users\Clemens\AppData\Local\Temp\Setup.tmp (Adware.Agent) -> No action taken.
D:\Programme\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action

taken.
D:\Programme\...\...\...\nc.exe (PUP.KeyLogger) -> No action taken.
C:\Users\Clemens\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\Clemens\AppData\Local\Temp\b.exe (Trojan.Dropper) -> No action taken.
C:\Users\Clemens\AppData\Local\Temp\c.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> No action taken.
Entsprechende Einträge von Anti-Malware entfernen lassen und nach Neustart weiterer Durchlauf mit folgendem positiven?! Ergebnis:
Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3443
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28.12.2009 13:24:51
mbam-log-2009-12-28 (13-24-51).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 468406
Laufzeit: 37 minute(s), 46 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


RSIT
Gibt nun folgende log-Datei aus:
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Clemens at 2009-12-28 13:46:57
Microsoft® Windows Vista™ Business  Service Pack 1
System drive C: has 7 GB (9%) free of 80 GB
Total RAM: 6141 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:09, on 28.12.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
D:\Programme\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
D:\Programme\RivaTuner v2.24\RivaTuner.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\conime.exe
D:\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Clemens.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [...]go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [...]go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [...]go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [...]go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [...]go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [...]go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [GAINWARD] D:\Programme\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus D120 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICCE.EXE /FU "C:\Windows\TEMP\E_SD42F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\SideBar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HwMonTray.exe - Verknüpfung.lnk = D:\Programme\HWMonitor64_113\HwMonTray.exe
O4 - Global Startup: QuatoCalibrationLoader.lnk = D:\Programme\iColorDisplay\QuatoCalibrationLoader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [...]icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmdib.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9385 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{64BB3058-FB6B-44DD-8337-5FB88C292CF6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-04-27 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-04-27 148888]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=D:\Programme\QuickTime\QTTask.exe [2009-05-26 413696]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"=D:\Programme\EXPERTool\TBPanel.exe [2009-04-03 2181672]
"DAEMON Tools Lite"=D:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"AdobeBridge"= []
"EPSON Stylus D120 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICCE.EXE [2007-03-12 213504]
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\SideBar.exe [2008-01-21 1233920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HwMonTray.exe - Verknüpfung.lnk - D:\Programme\HWMonitor64_113\HwMonTray.exe
QuatoCalibrationLoader.lnk - D:\Programme\iColorDisplay\QuatoCalibrationLoader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Programme\xchat\xchat.exe"="D:\Programme\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-28 13:46:58 ----D---- C:\Program Files (x86)\trend micro
2009-12-28 13:46:57 ----D---- C:\rsit
2009-12-28 13:32:24 ----A---- C:\mbr.exe
2009-12-28 13:31:00 ----A---- C:\lopR.txt
2009-12-28 13:30:29 ----D---- C:\Lop SD
2009-12-28 11:29:25 ----D---- C:\Users\Clemens\AppData\Roaming\Malwarebytes
2009-12-28 11:29:21 ----D---- C:\ProgramData\Malwarebytes
2009-12-28 11:24:43 ----D---- C:\32788R22FWJFW
2009-12-27 22:00:56 ----SHD---- C:\Users\Clemens\AppData\Roaming\SystemProc
2009-12-21 12:05:58 ----RSH---- C:\Windows\system32\nbDX.dll
2009-12-21 12:05:58 ----RSH---- C:\Windows\system32\msfDX.dll
2009-12-21 12:05:58 ----RSH---- C:\Windows\system32\flvDX.dll
2009-12-14 17:58:04 ----A---- C:\Windows\system32\d3dx9_42.dll
2009-12-10 00:13:31 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 00:13:30 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 08:34:41 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 08:34:40 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 08:34:40 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 08:34:40 ----A---- C:\Windows\system32\occache.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\mstime.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 08:34:39 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-09 08:34:38 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 08:34:38 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 08:29:25 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 08:29:25 ----A---- C:\Windows\system32\raschap.dll
2009-12-04 23:02:11 ----A---- C:\Windows\avisplitter.ini
2009-12-04 23:02:10 ----A---- C:\Windows\system32\yv12vfw.dll
2009-12-04 23:02:10 ----A---- C:\Windows\system32\xvidvfw.dll
2009-12-04 23:02:10 ----A---- C:\Windows\system32\xvidcore.dll
2009-12-04 23:02:09 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-12-04 23:02:09 ----A---- C:\Windows\system32\ff_vfw.dll
2009-12-04 22:54:04 ----D---- C:\ProgramData\NVIDIA
2009-12-04 22:53:58 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2009-12-04 22:53:17 ----D---- C:\Windows\system32\AGEIA
2009-12-04 22:53:17 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-12-04 22:53:07 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-12-04 22:52:09 ----A---- C:\Windows\system32\OpenCL.dll
2009-12-04 22:52:09 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-12-04 22:52:07 ----A---- C:\Windows\system32\nvoglv32.dll
2009-12-04 22:52:06 ----A---- C:\Windows\system32\nvd3dum.dll
2009-12-04 22:52:06 ----A---- C:\Windows\system32\nvcuvid.dll
2009-12-04 22:52:05 ----A---- C:\Windows\system32\nvcuvenc.dll
2009-12-04 22:52:05 ----A---- C:\Windows\system32\nvcuda.dll
2009-12-04 22:52:04 ----A---- C:\Windows\system32\nvcompiler.dll
2009-12-04 22:52:03 ----A---- C:\Windows\system32\nvapi.dll
2009-12-04 22:52:01 ----D---- C:\NVIDIA
2009-12-03 19:28:18 ----A---- C:\Users\Clemens\AppData\Roaming\iCDPresets.txt

======List of files/folders modified in the last 1 months======

2009-12-28 13:47:08 ----D---- C:\Windows\Prefetch
2009-12-28 13:47:01 ----D---- C:\Windows\Temp
2009-12-28 13:46:58 ----RD---- C:\Program Files (x86)
2009-12-28 13:38:01 ----SHD---- C:\Windows\Installer
2009-12-28 13:37:58 ----SHD---- C:\System Volume Information
2009-12-28 13:32:27 ----D---- C:\Windows\System32
2009-12-28 13:32:26 ----D---- C:\Windows\inf
2009-12-28 13:28:20 ----D---- C:\Windows\SysWOW64
2009-12-28 13:28:16 ----D---- C:\Users\Clemens\AppData\Roaming\WTablet
2009-12-28 12:09:13 ----D---- C:\Windows\Tasks
2009-12-28 12:09:13 ----D---- C:\Windows
2009-12-28 11:29:22 ----D---- C:\Windows\system32\drivers
2009-12-28 11:29:21 ----D---- C:\ProgramData
2009-12-28 11:21:21 ----D---- C:\Windows\Debug
2009-12-27 22:21:22 ----D---- C:\Users\Clemens\AppData\Roaming\Azureus
2009-12-23 15:33:44 ----D---- C:\temp
2009-12-23 03:06:18 ----D---- C:\ProgramData\Microsoft Help
2009-12-23 03:06:17 ----RSD---- C:\Windows\assembly
2009-12-23 03:05:01 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-12-23 03:04:42 ----RSD---- C:\Windows\Fonts
2009-12-23 03:02:09 ----D---- C:\Program Files (x86)\Common Files\System
2009-12-23 03:02:09 ----A---- C:\Windows\win.ini
2009-12-21 11:57:18 ----AD---- C:\ProgramData\TEMP
2009-12-19 23:18:59 ----D---- C:\tmp
2009-12-10 10:29:09 ----D---- C:\Program Files (x86)\Internet Explorer
2009-12-10 00:16:04 ----D---- C:\Windows\winsxs
2009-12-04 22:53:07 ----D---- C:\Program Files (x86)\Common Files
2009-12-04 22:53:02 ----RD---- C:\Program Files
2009-12-04 22:19:43 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-12-04 19:11:26 ----D---- C:\Users\Clemens\AppData\Roaming\dvdcss
2009-12-02 22:54:54 ----D---- C:\Users\Clemens\AppData\Roaming\foobar2000

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 truecrypt;truecrypt; C:\Windows\SysWOW64\drivers\truecrypt.sys [2009-09-15 221376]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 cmudaxp;ASUS Xonar DS Audio Interface; C:\Windows\system32\drivers\cmudaxp.sys []
R3 cpuz131;cpuz131; \??\C:\Users\Clemens\AppData\Local\Temp\cpuz131\cpuz_x64.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-12-28 24072]
R3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2009-12-28 30528]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RivaTuner64;RivaTuner64; \??\D:\Programme\RivaTuner v2.24\RivaTuner64.sys [2009-05-14 19952]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys []
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver; \??\D:\Programme\iColorDisplay\DDCDrv.sys [2008-08-29 10240]
S3 autexqtw;autexqtw; C:\Windows\system32\drivers\autexqtw.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 mbr;mbr; \??\C:\Users\Clemens\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 RTCore64;RTCore64; \??\D:\Programme\rmclock_235_bin\RTCore64.sys []
S3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 X-Rite;X-Rite USB Service; C:\Windows\system32\DRIVERS\XrUsb64.sys []
S3 zlportio;zlportio; \??\UNC\Clemens-laptop\g\Ultrastar\zlportio.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 spmd;SPM License Server; C:\spm\spmdib.exe [2008-11-25 617472]
R2 SQLBrowser;SQL Server-Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe []
R2 UserAccess7;SecuROM User Access Service (V7); C:\Windows\system32\UAService7.exe [2009-06-30 221184]
S2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-05-15 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-15 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-08 4466688]

-----------------EOF-----------------


Soweit so gut?

Allerdings sind unter Systemstart immernoch die deaktivierten Einträge der entsprechenden Dateien vorhanden!
http://bildupload.sro.at/a/thumbs/systemstart.jpg

Bei einer manuellen Suche nach den entsprechenden Dateien kommt allerdings nichts heraus.

AntiVir läuft momentan noch, hat bis jetzt allerdings auch noch nichts gefunden (dauert jedoch, da die Systemfestplatte Festplatte 1TB groß ist)

Was wären übrige, noch ausstehende Schritte das System zu prüfen?
(Prinzipiell wäre es eine Gelegenheit das System gleich mit Win7 neu aufzusetzen, dazu fehlt mir jedoch momentan die Zeit)

Vielen Dank!

cosinus 28.12.2009 22:45
Hallo und :hallo:

Lade dir Lop S&D herunter.

Führe Lop S&D.exe per Doppelklick aus. VISTA-User: Rechtsklick => Ausführen als Admin!!
Wähle die Sprache deiner Wahl und anschließend die Option 1.
Warte bis der Scanbericht erstellt wird und poste ihn hier (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen).

nattfoedd 28.12.2009 22:55
Hier die txt - allerdings meldet Lop SD beim Ausführen einen Fehler ("Parameterformat falsch - 850.")
Code:
  --------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft® Windows Vista™ Business  ( v6.0.6001 ) Service Pack 1
  x64-based PC ( Multiprocessor Free : Intel(R) Xeon(R) CPU          W3520  @ 2.67GHz )
  BIOS : Award Modular BIOS v6.00PG
  USER : Clemens ( Administrator )
  BOOT : Normal boot
  A:\ (USB)
  C:\ (Local Disk) - NTFS - Total:78 Go (Free:5 Go)
  D:\ (Local Disk) - NTFS - Total:390 Go (Free:266 Go)
  E:\ (Local Disk) - NTFS - Total:462 Go (Free:64 Go)
  F:\ (CD or DVD)
  G:\ (CD or DVD)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [1] ( 28.12.2009|22:48 )

  [ UAC => 0 ]
 
  --------------------\\  Ordner Verzeichnis unter Local

  [16.05.2009|17:18] C:\Users\Clemens\AppData\Local\Adobe
  [16.04.2009|21:32] C:\Users\Clemens\AppData\Local\Anwendungsdaten
  [20.04.2009|20:02] C:\Users\Clemens\AppData\Local\Apple
  [05.12.2009|00:03] C:\Users\Clemens\AppData\Local\Apple Computer
  [26.06.2009|20:02] C:\Users\Clemens\AppData\Local\ArmA 2 Demo
  [30.09.2009|20:44] C:\Users\Clemens\AppData\Local\Autodesk
  [04.12.2009|22:51] C:\Users\Clemens\AppData\Local\d3d9caps64.dat
  [27.12.2009|15:20] C:\Users\Clemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_64bitEmulator_MSI20BF.txt
  [06.10.2009|15:34] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_MSI225D.txt
  [06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_x64_MSI2311.txt
  [06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_MSI235C.txt
  [06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_x64_MSI23A1.txt
  [06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
  [06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_depcheck_VS_PRO_90.txt
  [06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_Dexplorer90_retMSI1A44.txt
  [06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_DexplorerLP90_retMSI1AC3.txt
  [06.10.2009|15:22] C:\Users\Clemens\AppData\Local\dd_dotnetfx35error_lp.txt
  [06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_dotnetfx35install_lp.txt
  [06.10.2009|15:21] C:\Users\Clemens\AppData\Local\dd_error_vs_procore_90.txt
  [06.10.2009|15:37] C:\Users\Clemens\AppData\Local\dd_install_vs_procore_90.txt
  [06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_NET_Framework35_LangPack_MSI1A1D.txt
  [06.10.2009|15:30] C:\Users\Clemens\AppData\Local\dd_NETCFSetupv2_MSI1FC0.txt
  [06.10.2009|15:30] C:\Users\Clemens\AppData\Local\dd_NETCFSetupv35_MSI1FDA.txt
  [06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_PreReq_AMD64_MSI1A3D.txt
  [06.10.2009|15:33] C:\Users\Clemens\AppData\Local\dd_RDBG_AMD64_MSI2250.txt
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_SQLCEToolsForVS2007_MSI2046.txt
  [06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_SqlPubWiz.msi2416.txt
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_SSCEDeviceRuntime_MSI2050.txt
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_SSCERuntime_MSI203C.txt
  [06.10.2009|15:22] C:\Users\Clemens\AppData\Local\dd_VC_MinRed_MSI19EC.txt
  [30.09.2009|20:09] C:\Users\Clemens\AppData\Local\dd_vcredistMSI2094.txt
  [17.04.2009|16:48] C:\Users\Clemens\AppData\Local\dd_vcredistMSI5C34.txt
  [30.09.2009|20:09] C:\Users\Clemens\AppData\Local\dd_vcredistUI2094.txt
  [17.04.2009|16:48] C:\Users\Clemens\AppData\Local\dd_vcredistUI5C34.txt
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_VSTOR_LP_MSI2035.txt
  [06.10.2009|15:30] C:\Users\Clemens\AppData\Local\dd_VSTOR_MSI1FFB.txt
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_VSTOR20_LP_MSI2025.txt
  [06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_WinSDK_Build_x64_MSI23B8.txt
  [06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI23FF.txt
  [06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_WinSDK_RefInt_x64_MSI2410.txt
  [06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_WinSDK_Tools_x64_MSI23AA.txt
  [06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI23EC.txt
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_WMPPC_5_0_MSI205D.txt
  [06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_WMSP_5_0_MSI208E.txt
  [04.11.2009|17:45] C:\Users\Clemens\AppData\Local\DFX
  [28.11.2009|16:05] C:\Users\Clemens\AppData\Local\Downloaded Installations
  [23.12.2009|09:34] C:\Users\Clemens\AppData\Local\GDIPFONTCACHEV1.DAT
  [28.12.2009|13:26] C:\Users\Clemens\AppData\Local\IconCache.db
  [07.09.2009|16:14] C:\Users\Clemens\AppData\Local\keyfile3.drm
  [28.12.2009|15:47] C:\Users\Clemens\AppData\Local\Last.fm
  [07.10.2009|16:00] C:\Users\Clemens\AppData\Local\Microsoft
  [15.05.2009|19:37] C:\Users\Clemens\AppData\Local\Microsoft Help
  [17.04.2009|18:27] C:\Users\Clemens\AppData\Local\MigWiz
  [17.04.2009|17:09] C:\Users\Clemens\AppData\Local\Mozilla
  [18.04.2009|00:09] C:\Users\Clemens\AppData\Local\Real
  [06.10.2009|15:22] C:\Users\Clemens\AppData\Local\SIT16427.tmp
  [28.12.2009|22:44] C:\Users\Clemens\AppData\Local\Temp
  [16.04.2009|21:32] C:\Users\Clemens\AppData\Local\Temporary Internet Files
  [27.05.2009|21:26] C:\Users\Clemens\AppData\Local\The Witcher
  [02.10.2009|11:51] C:\Users\Clemens\AppData\Local\Thunderbird
  [06.10.2009|15:37] C:\Users\Clemens\AppData\Local\uxeventlog.txt
  [16.04.2009|21:32] C:\Users\Clemens\AppData\Local\Verlauf
  [17.04.2009|06:48] C:\Users\Clemens\AppData\Local\VirtualStore
  [06.10.2009|15:30] C:\Users\Clemens\AppData\Local\VSMsiLog1B87.txt
  [44|Datei(en),] C:\Users\Clemens\AppData\Local\Bytes
  [23|Verzeichnis(se),] C:\Users\Clemens\AppData\Local\Bytes frei
 
  --------------------\\  Geplante Aufgaben unter C:\Windows\Tasks

  [28.12.2009 22:15][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{64BB3058-FB6B-44DD-8337-5FB88C292CF6}.job
  [28.12.2009 13:27][--ah-----] C:\Windows\tasks\SA.DAT
  [28.12.2009 13:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

  --------------------\\  Ordner Verzeichnis unter C:\ProgramData
 
  [15.05.2009|20:15] C:\ProgramData\Adobe
  [16.04.2009|21:30] C:\ProgramData\Anwendungsdaten
  [20.04.2009|20:02] C:\ProgramData\Apple
  [03.06.2009|17:41] C:\ProgramData\Apple Computer
  [02.11.2006|16:39] C:\ProgramData\Application Data
  [30.09.2009|20:46] C:\ProgramData\Autodesk
  [17.04.2009|16:49] C:\ProgramData\Avira
  [27.04.2009|21:08] C:\ProgramData\Azureus
  [16.05.2009|15:22] C:\ProgramData\Codemasters
  [06.06.2009|13:48] C:\ProgramData\DAEMON Tools Lite
  [02.11.2006|16:39] C:\ProgramData\Desktop
  [04.11.2009|17:45] C:\ProgramData\DFX
  [02.11.2006|16:39] C:\ProgramData\Documents
  [16.04.2009|21:30] C:\ProgramData\Dokumente
  [29.09.2009|07:53] C:\ProgramData\EPSON
  [16.04.2009|21:30] C:\ProgramData\Favoriten
  [02.11.2006|16:39] C:\ProgramData\Favorites
  [30.09.2009|20:44] C:\ProgramData\FLEXnet
  [17.04.2009|23:54] C:\ProgramData\Last.fm
  [15.05.2009|21:46] C:\ProgramData\LW8.cfg
  [15.05.2009|21:46] C:\ProgramData\LWEXT8.cfg
  [15.05.2009|21:46] C:\ProgramData\LWM8.cfg
  [28.12.2009|11:29] C:\ProgramData\Malwarebytes
  [07.10.2009|16:00] C:\ProgramData\Microsoft
  [23.12.2009|03:06] C:\ProgramData\Microsoft Help
  [17.05.2009|10:14] C:\ProgramData\ntuser.pol
  [28.12.2009|13:27] C:\ProgramData\NVIDIA
  [28.12.2009|13:28] C:\ProgramData\nvModes.001
  [28.12.2009|13:28] C:\ProgramData\nvModes.dat
  [06.10.2009|15:27] C:\ProgramData\PreEmptive Solutions
  [18.04.2009|00:09] C:\ProgramData\Real
  [19.10.2009|10:12] C:\ProgramData\Right Hemisphere
  [30.06.2009|19:16] C:\ProgramData\SecuROM
  [15.05.2009|20:01] C:\ProgramData\Soulseek
  [02.11.2006|16:39] C:\ProgramData\Start Menu
  [16.04.2009|21:30] C:\ProgramData\Startmenü
  [01.10.2009|12:19] C:\ProgramData\Tages
  [21.12.2009|11:57] C:\ProgramData\TEMP
  [02.11.2006|16:39] C:\ProgramData\Templates
  [16.04.2009|21:30] C:\ProgramData\Vorlagen
  [26.04.2009|19:43] C:\ProgramData\WindowsSearch
  [6|Datei(en),] C:\ProgramData\Bytes
  [37|Verzeichnis(se),] C:\ProgramData\Bytes frei

cosinus 28.12.2009 23:08
Das Log sieht nicht vollständig aus oder war das wirklich alles?

nattfoedd 28.12.2009 23:11
Das ist leider der komplette Inhalt der txt-Datei. Wie gesagt, Lop SD bricht mit der Meldung "Parameterformat falsch - 850." ab. (Wurde mit "Als Administrator ausführen" gestartet). Idee, woran das hängen könnte? Evtl nicht x64 kompatibel?

http://bildupload.sro.at/a/thumbs/lopsd.jpg

cosinus 29.12.2009 09:21
Ja, das könnte der 64-Bit-Kram sein :(
Ein 64-Bit-Windows zu bereinigen ist sowieso ein Krampf, da viele andere Tools auch nicht laufen. Allerdings hat die Sache ein Gutes, denn Rootkits sind (fast) unmöglich auf nem 64-Bit-Windows dank der Kernel-Patch-Protection (KPP, Patchguard).

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

nattfoedd 29.12.2009 10:31
Danke erstmal für Deine Hilfe! OTL hat geklappt und hier die beiden Files:

OTL.txt:
Code:
OTL logfile created on: 29.12.2009 10:13:05 - Run 1
OTL by OldTimer - Version 3.1.20.1    Folder = C:\Users\Clemens\Desktop
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 70,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 5,18 Gb Free Space | 6,63% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 266,28 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 462,76 Gb Total Space | 64,48 Gb Free Space | 13,93% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CLEMENS-PC
Current User Name: Clemens
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Clemens\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\UAService7.exe (Sony DADC Austria AG.)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - D:\Programme\EXPERTool\TBPANEL.exe (Gainward Co.)
PRC - C:\Programme\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Programme\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - D:\Programme\RivaTuner v2.24\RivaTuner.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Clemens\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe ()
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (mi-raysat_3dsmax2010_64) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\Windows\SysWOW64\UAService7.exe (Sony DADC Austria AG.)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (spmd) -- C:\spm\spmdib.exe (mental images GmbH)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys ()
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys ()
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys ()
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys ()
DRV:64bit: - (X-Rite) -- C:\Windows\SysNative\DRIVERS\XrUsb64.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (truecrypt) -- C:\Windows\SysWOW64\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (RivaTuner64) -- D:\Programme\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (CSC) -- C:\Windows\CSC [2009.04.16 21:25:30 | 00,000,000 | ---D | M]
DRV - (cmudaxp) -- C:\Windows\cmudaxp.ini ()
DRV - (monitor) -- C:\Program Files (x86)\Autodesk\Backburner\monitor.exe (Autodesk, Inc.)
DRV - (WinI2C-DDC) -- D:\Programme\iColorDisplay\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows (R) Server 2003 DDK provider)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "[...]xyzspiegel.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1344
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Programme\FireFox3\components [2009.12.16 20:34:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Programme\FireFox3\plugins [2009.12.16 20:34:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: D:\Programme\Thunderbird\components [2009.10.02 11:51:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: D:\Programme\Thunderbird\plugins [2009.12.04 22:17:36 | 00,000,000 | ---D | M]
 
[2009.04.17 17:09:49 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Extensions
[2009.12.28 23:17:01 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions
[2009.12.18 15:29:33 | 00,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009.12.28 23:16:59 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.08.13 19:26:39 | 00,000,000 | ---D | M] (Password Exporter) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009.12.18 15:29:33 | 00,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.12.18 15:29:33 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.11 22:19:16 | 00,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.10.08 18:23:44 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\battlefieldheroespatcher@ea.com
[2009.04.17 20:33:19 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\moveplayer@movenetworks.com
[2009.07.14 19:41:24 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\OberonGameHost@OberonGames.com
 
O1 HOSTS File: (794 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1                                activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RivaTuner] D:\Programme\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] D:\Programme\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [QuickTime Task] D:\Programme\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus D120 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICCE.EXE File not found
O4 - HKCU..\Run: [GAINWARD] D:\Programme\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\SideBar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [...]java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [...]java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [...]java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [...]icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.15 06:46:37 | 00,000,019 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.12.29 10:12:05 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe
[2009.12.28 13:46:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2009.12.28 13:46:57 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.28 13:30:29 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009.12.28 11:29:25 | 00,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Malwarebytes
[2009.12.28 11:29:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.28 11:29:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.28 11:24:43 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009.12.27 22:00:56 | 00,000,000 | -HSD | C] -- C:\Users\Clemens\AppData\Roaming\SystemProc
[2009.12.21 12:05:58 | 00,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2009.12.21 12:05:58 | 00,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2009.12.21 12:05:58 | 00,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2009.12.21 12:05:58 | 00,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2009.12.21 12:05:58 | 00,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2009.12.21 12:05:58 | 00,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2009.12.21 12:05:58 | 00,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2009.12.21 12:05:58 | 00,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2009.12.14 17:58:04 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2009.12.10 00:13:31 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2009.12.10 00:13:30 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2009.12.09 08:34:40 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009.12.09 08:34:40 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009.12.09 08:34:39 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2009.12.09 08:34:39 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009.12.09 08:34:39 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2009.12.09 08:34:39 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009.12.09 08:34:39 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009.12.09 08:34:39 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2009.12.09 08:34:39 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009.12.09 08:34:38 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009.12.09 08:34:38 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009.12.09 08:29:25 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2009.12.09 08:29:25 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2009.12.05 00:03:56 | 00,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\Apple Computer
[2009.12.04 23:02:11 | 00,839,680 | ---- | C] ([...]xyzmp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2009.12.04 23:02:11 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2009.12.04 23:02:10 | 00,070,656 | ---- | C] (xyzhelixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2009.12.04 22:54:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009.12.04 22:53:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2009.12.04 22:53:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2009.12.04 22:53:17 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2009.12.04 22:53:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009.12.04 22:53:02 | 00,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2009.12.04 22:52:09 | 04,241,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2009.12.04 22:52:09 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2009.12.04 22:52:07 | 14,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2009.12.04 22:52:06 | 09,333,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2009.12.04 22:52:06 | 02,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2009.12.04 22:52:05 | 04,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2009.12.04 22:52:05 | 01,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2009.12.04 22:52:04 | 11,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2009.12.04 22:52:03 | 01,249,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2009.12.04 22:52:01 | 00,000,000 | ---D | C] -- C:\NVIDIA
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Clemens\AppData\Local\*.tmp files -> C:\Users\Clemens\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.12.29 10:13:44 | 04,980,736 | -HS- | M] () -- C:\Users\Clemens\ntuser.dat
[2009.12.29 10:12:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe
[2009.12.29 10:08:26 | 00,069,263 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.12.29 10:08:25 | 00,069,263 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.12.29 10:08:25 | 00,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2009.12.29 10:08:25 | 00,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2009.12.29 10:08:20 | 00,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2009.12.29 10:08:01 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.29 10:08:01 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.29 10:08:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.29 10:07:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.28 23:44:17 | 00,524,288 | -HS- | M] () -- C:\Users\Clemens\ntuser.dat{5e155425-4d00-11de-b41e-00241d160ede}.TMContainer00000000000000000001.regtrans-ms
[2009.12.28 23:44:17 | 00,065,536 | -HS- | M] () -- C:\Users\Clemens\ntuser.dat{5e155425-4d00-11de-b41e-00241d160ede}.TM.blf
[2009.12.28 23:43:51 | 04,720,474 | -H-- | M] () -- C:\Users\Clemens\AppData\Local\IconCache.db
[2009.12.28 22:15:11 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{64BB3058-FB6B-44DD-8337-5FB88C292CF6}.job
[2009.12.28 13:38:21 | 00,002,453 | ---- | M] () -- C:\Users\Clemens\Desktop\HiJackThis.lnk
[2009.12.28 13:32:27 | 01,566,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.12.28 13:32:27 | 00,675,162 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2009.12.28 13:32:27 | 00,633,688 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.12.28 13:32:27 | 00,146,282 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2009.12.28 13:32:27 | 00,118,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.12.28 13:32:24 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2009.12.28 13:30:12 | 00,501,736 | ---- | M] () -- C:\Users\Clemens\Desktop\LopSD.exe
[2009.12.28 11:29:25 | 00,000,609 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.28 11:18:50 | 00,000,685 | ---- | M] () -- C:\Users\Clemens\Desktop\CCleaner.lnk
[2009.12.28 10:19:05 | 03,867,535 | ---- | M] () -- C:\Users\Clemens\Desktop\CoFi.exe
[2009.12.27 15:20:58 | 00,202,752 | ---- | M] () -- C:\Users\Clemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.26 19:49:17 | 00,000,540 | ---- | M] () -- C:\Users\Clemens\LWHUB8.CFG
[2009.12.26 19:48:07 | 00,031,171 | ---- | M] () -- C:\Users\Clemens\LWM8.cfg
[2009.12.23 14:06:18 | 00,370,070 | ---- | M] () -- C:\Windows\hd_ico.ico
[2009.12.23 14:06:04 | 00,138,978 | ---- | M] () -- C:\Windows\hd_ico.ico.part
[2009.12.23 14:04:51 | 00,047,774 | ---- | M] () -- C:\Windows\hd_ico.png
[2009.12.23 10:37:15 | 00,001,219 | ---- | M] () -- C:\Users\Clemens\Desktop\Filme.lnk
[2009.12.23 09:35:00 | 03,320,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009.12.23 09:34:17 | 00,162,072 | ---- | M] () -- C:\Users\Clemens\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.12.23 03:02:09 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009.12.19 22:20:06 | 00,000,491 | ---- | M] () -- C:\Users\Clemens\BandSaw.cfg
[2009.12.18 20:01:54 | 00,256,403 | ---- | M] () -- C:\Users\Clemens\Desktop\wheezle1.jpg
[2009.12.17 22:53:58 | 00,017,496 | ---- | M] () -- C:\Users\Clemens\LW8.cfg
[2009.12.14 18:23:26 | 00,118,452 | ---- | M] () -- C:\Users\Clemens\LWEXT8.cfg
[2009.12.14 17:58:20 | 01,892,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2009.12.07 18:23:08 | 00,074,880 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2009.12.04 22:51:01 | 00,000,732 | ---- | M] () -- C:\Users\Clemens\AppData\Local\d3d9caps64.dat
[2009.12.03 20:29:02 | 00,003,582 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.prefs
[2009.12.03 20:19:37 | 00,000,488 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.lic
[2009.12.03 19:25:24 | 00,000,682 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.03 16:13:58 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Clemens\AppData\Local\*.tmp files -> C:\Users\Clemens\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.12.29 10:08:25 | 00,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2009.12.28 13:38:01 | 00,002,453 | ---- | C] () -- C:\Users\Clemens\Desktop\HiJackThis.lnk
[2009.12.28 13:32:24 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2009.12.28 13:30:11 | 00,501,736 | ---- | C] () -- C:\Users\Clemens\Desktop\LopSD.exe
[2009.12.28 11:29:25 | 00,000,609 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.28 11:29:21 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.28 11:18:50 | 00,000,685 | ---- | C] () -- C:\Users\Clemens\Desktop\CCleaner.lnk
[2009.12.28 10:18:46 | 03,867,535 | ---- | C] () -- C:\Users\Clemens\Desktop\CoFi.exe
[2009.12.23 14:06:16 | 00,370,070 | ---- | C] () -- C:\Windows\hd_ico.ico
[2009.12.23 14:05:52 | 00,138,978 | ---- | C] () -- C:\Windows\hd_ico.ico.part
[2009.12.23 14:04:50 | 00,047,774 | ---- | C] () -- C:\Windows\hd_ico.png
[2009.12.23 10:36:54 | 00,001,219 | ---- | C] () -- C:\Users\Clemens\Desktop\Filme.lnk
[2009.12.21 12:05:58 | 00,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2009.12.21 12:05:58 | 00,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2009.12.21 12:05:58 | 00,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2009.12.21 12:05:58 | 00,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2009.12.21 12:05:57 | 00,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2009.12.18 20:01:47 | 00,256,403 | ---- | C] () -- C:\Users\Clemens\Desktop\wheezle1.jpg
[2009.12.15 18:09:50 | 00,024,521 | ---- | C] () -- C:\Users\Clemens\Documents\Sample EN.gtd - backup 2.gt~
[2009.12.15 18:09:48 | 00,024,679 | ---- | C] () -- C:\Users\Clemens\Documents\Sample CZ.gtd
[2009.12.15 18:09:48 | 00,024,521 | ---- | C] () -- C:\Users\Clemens\Documents\Sample EN.gtd
[2009.12.10 00:13:31 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2009.12.10 00:13:30 | 00,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2009.12.10 00:13:30 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2009.12.09 08:34:42 | 05,686,272 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009.12.09 08:34:40 | 07,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009.12.09 08:34:40 | 01,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009.12.09 08:34:40 | 01,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009.12.09 08:34:40 | 00,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009.12.09 08:34:39 | 01,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009.12.09 08:34:39 | 00,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009.12.09 08:34:39 | 00,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009.12.09 08:34:39 | 00,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009.12.09 08:34:39 | 00,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2009.12.09 08:34:39 | 00,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009.12.09 08:34:39 | 00,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009.12.09 08:34:39 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2009.12.09 08:34:39 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009.12.09 08:34:38 | 01,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009.12.09 08:34:38 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009.12.09 08:29:25 | 00,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2009.12.09 08:29:25 | 00,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2009.12.04 23:02:11 | 00,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2009.12.04 23:02:11 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.04 23:02:10 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.12.04 23:02:10 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.12.04 23:02:09 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.12.04 23:02:09 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009.12.04 22:56:53 | 00,069,263 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.04 22:56:24 | 00,069,263 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.04 22:52:09 | 13,694,056 | ---- | C] () -- C:\Windows\SysNative\drivers\nvlddmkm.sys
[2009.12.04 22:52:09 | 05,915,752 | ---- | C] () -- C:\Windows\SysNative\nvwgf2umx.dll
[2009.12.04 22:52:09 | 00,076,904 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll
[2009.12.04 22:52:09 | 00,011,240 | ---- | C] () -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2009.12.04 22:52:09 | 00,008,862 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2009.12.04 22:52:07 | 19,223,144 | ---- | C] () -- C:\Windows\SysNative\nvoglv64.dll
[2009.12.04 22:52:06 | 11,775,080 | ---- | C] () -- C:\Windows\SysNative\nvd3dumx.dll
[2009.12.04 22:52:05 | 05,347,944 | ---- | C] () -- C:\Windows\SysNative\nvcuda.dll
[2009.12.04 22:52:05 | 02,332,264 | ---- | C] () -- C:\Windows\SysNative\nvcuvid.dll
[2009.12.04 22:52:05 | 02,028,136 | ---- | C] () -- C:\Windows\SysNative\nvcuvenc.dll
[2009.12.04 22:52:03 | 15,874,664 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2009.12.04 22:52:03 | 01,541,736 | ---- | C] () -- C:\Windows\SysNative\nvapi64.dll
[2009.12.04 22:52:03 | 00,202,344 | ---- | C] () -- C:\Windows\SysNative\nvcod178.dll
[2009.12.04 22:52:03 | 00,202,344 | ---- | C] () -- C:\Windows\SysNative\nvcod.dll
[2009.12.03 19:31:29 | 00,000,488 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.lic
[2009.12.03 19:28:18 | 00,003,582 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.prefs
[2009.12.03 19:28:18 | 00,000,033 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\iCDPresets.txt
[2009.12.03 19:27:58 | 00,033,600 | ---- | C] () -- C:\Windows\SysNative\drivers\XrUsb64.sys
[2009.12.03 19:25:24 | 00,000,682 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk
[2009.11.26 19:36:49 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2009.11.17 18:23:10 | 00,000,053 | R--- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2009.11.17 18:23:03 | 00,139,264 | R--- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2009.11.17 18:22:49 | 00,041,410 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2009.11.17 18:22:29 | 00,000,862 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2009.11.17 18:22:27 | 00,004,967 | R--- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2009.10.27 23:22:13 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.10.17 17:52:28 | 00,000,315 | ---- | C] () -- C:\Windows\doom3.ini
[2009.10.09 14:47:32 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.10.09 12:57:17 | 00,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.10.09 12:57:17 | 00,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.06 15:36:08 | 00,185,418 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SqlPubWiz.msi2416.txt
[2009.10.06 15:36:05 | 00,283,618 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_RefInt_x64_MSI2410.txt
[2009.10.06 15:36:00 | 00,735,094 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI23FF.txt
[2009.10.06 15:35:54 | 00,440,252 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI23EC.txt
[2009.10.06 15:35:38 | 05,358,576 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_Build_x64_MSI23B8.txt
[2009.10.06 15:35:34 | 00,653,468 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_Tools_x64_MSI23AA.txt
[2009.10.06 15:35:31 | 00,252,652 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_x64_MSI23A1.txt
[2009.10.06 15:35:10 | 00,551,574 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_MSI235C.txt
[2009.10.06 15:34:47 | 02,486,258 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_x64_MSI2311.txt
[2009.10.06 15:33:52 | 04,636,286 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_MSI225D.txt
[2009.10.06 15:33:48 | 01,258,434 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_RDBG_AMD64_MSI2250.txt
[2009.10.06 15:33:28 | 01,448,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.06 15:31:45 | 00,291,922 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_64bitEmulator_MSI20BF.txt
[2009.10.06 15:31:30 | 05,146,448 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WMSP_5_0_MSI208E.txt
[2009.10.06 15:31:15 | 07,062,270 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WMPPC_5_0_MSI205D.txt
[2009.10.06 15:31:11 | 00,736,770 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SSCEDeviceRuntime_MSI2050.txt
[2009.10.06 15:31:08 | 00,332,994 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SQLCEToolsForVS2007_MSI2046.txt
[2009.10.06 15:31:05 | 00,377,600 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SSCERuntime_MSI203C.txt
[2009.10.06 15:31:03 | 00,297,174 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VSTOR_LP_MSI2035.txt
[2009.10.06 15:30:58 | 00,944,454 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VSTOR20_LP_MSI2025.txt
[2009.10.06 15:30:45 | 00,843,820 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VSTOR_MSI1FFB.txt
[2009.10.06 15:30:36 | 01,047,898 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_NETCFSetupv35_MSI1FDA.txt
[2009.10.06 15:30:27 | 01,014,268 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_NETCFSetupv2_MSI1FC0.txt
[2009.10.06 15:24:56 | 52,955,438 | ---- | C] () -- C:\Users\Clemens\AppData\Local\VSMsiLog1B87.txt
[2009.10.06 15:23:56 | 00,343,146 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_DexplorerLP90_retMSI1AC3.txt
[2009.10.06 15:23:17 | 02,863,912 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_Dexplorer90_retMSI1A44.txt
[2009.10.06 15:23:15 | 00,368,326 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_PreReq_AMD64_MSI1A3D.txt
[2009.10.06 15:23:05 | 00,609,960 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_NET_Framework35_LangPack_MSI1A1D.txt
[2009.10.06 15:23:00 | 00,034,086 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009.10.06 15:22:59 | 00,075,526 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_dotnetfx35install_lp.txt
[2009.10.06 15:22:59 | 00,000,002 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_dotnetfx35error_lp.txt
[2009.10.06 15:22:50 | 00,839,124 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VC_MinRed_MSI19EC.txt
[2009.10.06 15:21:50 | 00,227,189 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009.10.06 15:21:46 | 00,663,570 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_install_vs_procore_90.txt
[2009.10.06 15:21:46 | 00,031,784 | ---- | C] () -- C:\Users\Clemens\AppData\Local\uxeventlog.txt
[2009.10.06 15:21:46 | 00,000,002 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_error_vs_procore_90.txt
[2009.09.30 20:09:34 | 00,415,900 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistMSI2094.txt
[2009.09.30 20:09:34 | 00,011,406 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistUI2094.txt
[2009.09.07 16:14:13 | 00,004,096 | -H-- | C] () -- C:\Users\Clemens\AppData\Local\keyfile3.drm
[2009.08.31 13:27:13 | 00,000,084 | ---- | C] () -- C:\Windows\winamp.ini
[2009.08.03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.05.15 21:46:18 | 00,118,188 | ---- | C] () -- C:\ProgramData\LWEXT8.cfg
[2009.05.15 21:46:18 | 00,025,760 | ---- | C] () -- C:\ProgramData\LWM8.cfg
[2009.05.15 21:46:18 | 00,017,486 | ---- | C] () -- C:\ProgramData\LW8.cfg
[2009.05.15 19:54:09 | 00,000,688 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.17 23:40:48 | 00,202,752 | ---- | C] () -- C:\Users\Clemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.17 21:37:59 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009.04.17 21:01:33 | 00,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009.04.17 17:53:33 | 00,000,880 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.17 17:11:51 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.04.17 16:47:59 | 00,419,366 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistMSI5C34.txt
[2009.04.17 16:47:58 | 00,011,390 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistUI5C34.txt
[2009.04.16 21:32:33 | 00,000,732 | ---- | C] () -- C:\Users\Clemens\AppData\Local\d3d9caps64.dat
[2009.03.12 07:30:20 | 00,000,516 | R--- | C] () -- C:\Windows\cmudaxp.ini
[2009.02.12 08:11:45 | 00,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.01.21 03:48:25 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:48:07 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.01.10 08:44:26 | 01,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 507 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >


:eek::eek::eek:
Leider sieht die Sache wohl doch nicht so gut aus, wie ich in der Zwischenzeit dachte - gerade im Moment beim Erstellen des Beitrags sprang mein AntiVir plötzlich an und meldete mir eine der Dateien. Die sollte eigtl schon entfernt gewesen sein - bedeutet das, ich habe mich reinfiziert oder haben sowohl AntiVir, als auch Anti-Malware die Datei bei den späteren Suchdurchläufen gestern nicht finden können?

http://bildupload.sro.at/a/thumbs/antivir_fund.jpg

nattfoedd 29.12.2009 10:34
Hier nun die Extras.txt (ging über das Zeichenlimit des Beitrags hinaus)

Code:
OTL Extras logfile created on: 29.12.2009 10:13:05 - Run 1
OTL by OldTimer - Version 3.1.20.1    Folder = C:\Users\Clemens\Desktop
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 70,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 5,18 Gb Free Space | 6,63% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 266,28 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 462,76 Gb Total Space | 64,48 Gb Free Space | 13,93% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CLEMENS-PC
Current User Name: Clemens
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\FireFox3\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3217975060-3964529262-2517402447-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\xchat\xchat.exe" = D:\Programme\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"D:\Programme\xchat\xchat.exe" = D:\Programme\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC72CED-382B-4675-BF91-F014A0A9CFE3}" = rport=445 | protocol=6 | dir=out | app=system |
"{122344B6-7315-4F12-812F-DC0551C39F44}" = lport=139 | protocol=6 | dir=in | app=system |
"{12B70408-5D96-42F8-9251-23F45DA12D37}" = lport=445 | protocol=6 | dir=in | app=system |
"{16747378-E304-4470-A9F7-C542327C1777}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D1993B8-9EF8-43C1-95D4-BF61E3C68F0D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3633CB77-F8F1-40FB-B698-F91034633095}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{36B58CD0-15DE-4457-AACD-F7CB93335422}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AAD84833-6976-4D00-94A6-2BF6020183C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3FFED50-9E91-45CF-B6B1-714ED7F98F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EC2E8773-4145-461F-A33D-54C599D46DF2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F38A4C31-39BC-4241-9FEF-E4F28DDA37DC}" = lport=137 | protocol=17 | dir=in | app=system |
"{FBDEEEB4-1A23-4B7E-896F-3CF5EB13F2E7}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E6CFD3-7C67-46DD-B559-1675580E9C9E}" = protocol=17 | dir=in | app=e:\spiele\arma2demo\arma2demo.exe |
"{09B85D0B-B8BF-499E-B7E0-6F2F9E76B04C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{16AEE88A-6F3A-4ACA-8DBF-F9739EFEA2CA}" = protocol=6 | dir=in | app=e:\spiele\anno1404\tools\anno4web.exe |
"{17DA8938-45A5-4F3A-9A04-5A4C04A14A50}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{184CA00D-C25C-4413-B1D5-2DC5328782B1}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe |
"{244CFA23-251D-42CB-B9EE-35BA4FE86818}" = protocol=17 | dir=in | app=e:\spiele\annodemo\anno4.exe |
"{37FA0075-55F8-4223-9863-D9A1C5A42C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe |
"{3925C930-6AFF-41C2-8D12-A4A6F92084F5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3F26B0FD-3A8C-45C7-B2FF-1706567BCBDB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{41C97EE4-CC95-4D66-B586-4BA8862FBC56}" = protocol=6 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe |
"{4AA85150-6A2B-4459-8277-819FEE3C2AAD}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{5025A447-6A5E-450E-B85D-34BB43AF26C7}" = protocol=6 | dir=in | app=e:\spiele\annodemo\tools\benchmark.exe |
"{5D42FA32-1254-46BC-AE16-4421032EB12B}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{682CB30B-17CA-4C49-B04D-271353FD73D0}" = protocol=6 | dir=in | app=e:\spiele\f.e.a.r\fear.exe |
"{68DDE9C8-168D-4754-9929-A507C136D313}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6E17098E-D19E-46F1-AA11-D3EF6D82376E}" = protocol=6 | dir=in | app=e:\spiele\annodemo\anno4.exe |
"{75E4B520-5309-4DF4-AF25-E4CA2756D2DF}" = protocol=6 | dir=in | app=e:\spiele\arma2demo\arma2demo.exe |
"{77E032D3-8F7F-47F4-A503-5733E3CFA0D9}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe |
"{7AC38695-3680-4FD9-BEDD-839C05461609}" = protocol=6 | dir=in | app=e:\spiele\grid11\grid.exe |
"{7B8BFFA7-D56E-458C-8B6A-34CED0E0C2EF}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{7BD29C11-1499-4F05-99F6-C2DA661E0EB2}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{7C3A3FA7-BD95-4BCD-8B31-3E2154633345}" = protocol=6 | dir=in | app=e:\spiele\ofp2\ofdr.exe |
"{83BCE090-6324-439B-881F-A60BC6BCBF47}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe |
"{8C7D608B-9839-4202-9B64-32B66E5A82CE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{96518C74-653E-427C-951B-C9CBFC556D0A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{9A0838DD-7F13-4DF4-B0D3-08399BE82239}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{9DA2D4C7-EF32-493C-AC27-913FC33CC389}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{9E3673B6-32A8-4C8E-9B2C-3511DCE31037}" = protocol=17 | dir=in | app=e:\spiele\ofp2\ofdr.exe |
"{9FE5D594-88F9-453C-B580-3F6986445FB8}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{A4C7328C-5ACA-4931-9D8A-847894B0A71D}" = protocol=17 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe |
"{A5F28160-E80B-4C10-904A-A1D2F8D759EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7E80553-90D7-4C97-B0FF-775E58EFE6B3}" = protocol=17 | dir=in | app=e:\spiele\f.e.a.r\fear.exe |
"{A802E467-53A4-431D-9148-A7383D7155C0}" = protocol=6 | dir=in | app=e:\spiele\anno1404\anno4.exe |
"{A992D4FE-5269-42FD-BDC0-C6BEAC2D334E}" = protocol=17 | dir=in | app=e:\spiele\annodemo\tools\benchmark.exe |
"{A9C9CB6B-3D78-4FBC-9E8A-87995D510776}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B9FFEEBB-FFBC-4E4E-BB1C-2531A1454696}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe |
"{BAE0388A-8DA3-4162-AF18-952B94E80443}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{BB5FFDFD-FC0B-4C6E-971A-E1E901D2F648}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{C32503F2-AD15-41A6-B2A1-4322F99B6814}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C47599AD-982E-4346-A731-0209B8244A73}" = protocol=17 | dir=in | app=e:\spiele\anno1404\tools\anno4web.exe |
"{C59B2AAE-C2A6-49BE-82D4-5BF60404C914}" = protocol=17 | dir=in | app=e:\spiele\grid11\grid.exe |
"{C8693D67-A4BC-4862-A36F-E7DC0B2A3427}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{D0A2F776-562E-45AB-B7E6-A0F9D2FD5AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D1B7CE29-0209-4541-8310-E3A6C0E42EF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E27A6FE6-6DE5-433A-AE9C-DF9B7790D6EE}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe |
"{ED0502B6-4A36-4B00-B52D-C54117520CD6}" = protocol=17 | dir=in | app=e:\spiele\anno1404\anno4.exe |
"TCP Query User{1C2B884A-E34D-495B-BE48-7A49AD551217}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe |
"TCP Query User{2006DB4C-2F74-4141-9F60-062DF4010711}E:\grid_ex\grid.exe" = protocol=6 | dir=in | app=e:\grid_ex\grid.exe |
"TCP Query User{27348DE9-F863-407E-8F8D-1DB0058310D7}D:\programme\lightwave8\programs\lightwav.patched.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\lightwav.patched.exe |
"TCP Query User{29F9D8C6-5E07-422B-99A5-958DC5143D10}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{3AB21C00-05EF-4F5D-ADE6-29D37F040D5D}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe |
"TCP Query User{3C5FB9FF-BBFD-418F-9B6E-9A8252EE7AD3}D:\programme\soulseekns\slsk.exe" = protocol=6 | dir=in | app=d:\programme\soulseekns\slsk.exe |
"TCP Query User{50413443-91C7-4EF1-8740-62DACA49609E}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe |
"TCP Query User{5D57A56A-578A-48E8-B056-7785B0E4F66F}E:\spiele\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe |
"TCP Query User{5ED85A9B-9E31-4F2D-9958-378770236290}D:\programme\soulseekns\slsk.exe" = protocol=6 | dir=in | app=d:\programme\soulseekns\slsk.exe |
"TCP Query User{65CD97B3-6E06-40C9-9209-103CF950EE72}D:\programme\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\programme\azureus\azureus.exe |
"TCP Query User{6C3E2535-D109-47FA-B1A0-007478470AAB}E:\spiele\ultimaonline\uopatch.exe" = protocol=6 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe |
"TCP Query User{6F340315-198D-4110-8D14-F0A561BCDB3B}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=6 | dir=in | app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe |
"TCP Query User{742488D2-7082-4526-993B-8FE293D880BA}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe |
"TCP Query User{7FF9D8CC-4E90-41D7-9343-43CDF4E87F73}D:\programme\lightwave8\programs\modeler.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\modeler.exe |
"TCP Query User{8778A66B-E879-4A8F-9466-09482888FD70}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=6 | dir=in | app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe |
"TCP Query User{AC2743D3-BE12-4716-B4A2-2CC1EC92C278}D:\programme\firefox3\firefox.exe" = protocol=6 | dir=in | app=d:\programme\firefox3\firefox.exe |
"TCP Query User{BF2670F2-33C3-4F33-86C7-4610BCD296E5}E:\spiele\ultimaonline\uopatch.exe" = protocol=6 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe |
"TCP Query User{C2A96B28-F2B8-4E07-A698-B4BC42E070EC}D:\programme\lightwave8\programs\hub.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\hub.exe |
"TCP Query User{DEB9E017-B6E7-49EF-9137-13A9BB446805}D:\programme\cryptload_1.1.6\cryptload.exe" = protocol=6 | dir=in | app=d:\programme\cryptload_1.1.6\cryptload.exe |
"TCP Query User{E0C52649-BC06-4D52-97FF-42E688D0B55A}D:\programme\xchat\xchat.exe" = protocol=6 | dir=in | app=d:\programme\xchat\xchat.exe |
"TCP Query User{E9345688-1100-4FE8-B702-2EAB442BE056}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe |
"TCP Query User{F82E9A08-A4C3-459F-8887-17356F13D701}D:\programme\lightwave8\programs\hub.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\hub.exe |
"TCP Query User{F97079F8-C288-45DF-848D-0F58EC7C3B75}D:\programme\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\programme\azureus\azureus.exe |
"TCP Query User{FA21F41D-FE74-4BBB-9DBC-BC5AE12EFF2E}E:\grid_ex\grid.exe" = protocol=6 | dir=in | app=e:\grid_ex\grid.exe |
"UDP Query User{0270359E-8F52-45C4-97B3-BC581FBC2EA1}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe |
"UDP Query User{0283B0FD-8A1C-4AD0-A423-3794BC15542F}D:\programme\soulseekns\slsk.exe" = protocol=17 | dir=in | app=d:\programme\soulseekns\slsk.exe |
"UDP Query User{0447403D-A056-4CBF-935B-063C5086DCAA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{1D85589C-B432-4510-B2E1-75C37CC1EC5E}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe |
"UDP Query User{1F07D089-30B6-4DC7-821B-0CE4A190E3AD}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=17 | dir=in | app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe |
"UDP Query User{24422813-D890-40FB-93B9-109E16CF87BE}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe |
"UDP Query User{352FBFC1-0D1F-4972-BF1F-4C11D76565B2}D:\programme\xchat\xchat.exe" = protocol=17 | dir=in | app=d:\programme\xchat\xchat.exe |
"UDP Query User{39C956C8-3FDE-4397-A0BB-A27B2AA4FF45}D:\programme\lightwave8\programs\hub.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\hub.exe |
"UDP Query User{4B9C67A9-7E2A-4239-8746-D6E0E72ED2C2}D:\programme\lightwave8\programs\lightwav.patched.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\lightwav.patched.exe |
"UDP Query User{6166206D-C45B-44CC-B3B3-1B37DB2C4A98}E:\spiele\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe |
"UDP Query User{633E81F2-22A1-4269-9D86-6E7A157540AF}D:\programme\soulseekns\slsk.exe" = protocol=17 | dir=in | app=d:\programme\soulseekns\slsk.exe |
"UDP Query User{75AFB698-0405-49CA-84ED-72B03A1CDF3D}D:\programme\firefox3\firefox.exe" = protocol=17 | dir=in | app=d:\programme\firefox3\firefox.exe |
"UDP Query User{9EB34DF3-D28F-4828-B4C6-BFB27E0F7924}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=17 | dir=in | app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe |
"UDP Query User{A6DF9D81-6B9F-4242-A087-4145E0F463D0}D:\programme\lightwave8\programs\hub.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\hub.exe |
"UDP Query User{A8923D9F-453B-43F1-A0EF-4BE8EDAB299D}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe |
"UDP Query User{AFAA03D3-DD1D-4771-81D0-545524D994FF}D:\programme\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\programme\azureus\azureus.exe |
"UDP Query User{B90E8537-74BE-4B97-9698-322B4011C532}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe |
"UDP Query User{BB38DB86-28BE-4E04-AD3F-A3BF15600B3C}E:\grid_ex\grid.exe" = protocol=17 | dir=in | app=e:\grid_ex\grid.exe |
"UDP Query User{CF76921E-8AEE-4943-BECC-564375283A58}E:\grid_ex\grid.exe" = protocol=17 | dir=in | app=e:\grid_ex\grid.exe |
"UDP Query User{D9264948-333A-410E-B20A-94043561036C}D:\programme\cryptload_1.1.6\cryptload.exe" = protocol=17 | dir=in | app=d:\programme\cryptload_1.1.6\cryptload.exe |
"UDP Query User{E4506335-372F-413C-9720-3DC2114614C7}E:\spiele\ultimaonline\uopatch.exe" = protocol=17 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe |
"UDP Query User{EB527734-0952-4BC1-B7EA-7F9F95F6FBAD}E:\spiele\ultimaonline\uopatch.exe" = protocol=17 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe |
"UDP Query User{EF44F10F-A111-4D03-ABE9-311E92B82F27}D:\programme\lightwave8\programs\modeler.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\modeler.exe |
"UDP Query User{F06EC7E6-B981-4AB3-9B08-16DD96693485}D:\programme\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\programme\azureus\azureus.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{24F84124-A8BE-4A93-9F0A-7892160BA450}" = SOFTIMAGE XSI 7.01
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C850287-4CD5-4FAD-BE39-A4AF7851A7C6}" = GRID Demo
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{57EF5EE1-E32B-4EDE-9D50-3A82126800EE}" = Batman: Arkham Asylum Demo
"{5940AABD-1573-4CBC-B82F-CA526690FEB5}" = OGRE Command Line Tools
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62BBFDA0-306C-4022-8E40-021C073CB3AF}" = NewTek LightWave 3D [8]
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD07558-BEA5-435C-B122-183653E23EB4}" = SOFTIMAGE XSI 7.01
"{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo)
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87A27A8D-6384-4AF9-B219-025A51775234}" = Deep Exploration 5.7
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B1702138-0937-4A36-9BE3-9A19B5168DAD}" = Max 5.0.8
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2975B11-82F4-47D9-A0AC-99E36A0E9ECB}" = SOFTIMAGE License Server 1.1.11.1502
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ArmA2 Demo" = ArmA2 Demo Uninstall
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"CCleaner" = CCleaner
"DVD-lab PRO 2.5_is1" = DVD-lab PRO 2.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXPERTool_is1" = EXPERTool 7.4
"foobar2000" = foobar2000 v0.9.6.9
"Fraps" = Fraps (remove only)
"GIF Animator" = Microsoft GIF Animator
"GTD Tree_is1" = GTD Tree 1.0.3
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"mIRC" = mIRC
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGRE SDK" = OGRE SDK 1.6.4 for Visual C++ 2008
"OpenAL" = OpenAL
"PRJPRO" = Microsoft Office Project Professional 2007
"RealAlt_is1" = Real Alternative 1.7.5
"RivaTuner" = RivaTuner v2.24
"RTTSoftware DeltaView free 8.5" = RTTSoftware DeltaView free 8.5 (uninstall only)
"Soulseek2" = SoulSeek 157 NS 13d
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"The FilmMachine_is1" = The FilmMachine 1.6
"TrueCrypt" = TrueCrypt
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.4f
"Unreal Tournament 3 Tweaker" = Unreal Tournament 3 Tweaker 5.0
"Vista Icon Pack ST_is1" = Vista Icon Pack ST
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Vue 7.5 Infinite PLE 64bit" = Vue 7.5 Infinite PLE 64bit
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"xchat" = XChat 2 (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iColorDisplay" = iColor Display 3.5.0.0 (nur entfernen)
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"pdfsam" = pdfsam
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2009 10:29:03 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
Error - 28.12.2009 10:51:10 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
Error - 28.12.2009 11:57:01 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
Error - 28.12.2009 17:47:43 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
Error - 28.12.2009 18:09:34 | Computer Name = Clemens-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GUI.exe, Version 1.0.0.1, Zeitstempel 0x47e8c0ab,
 fehlerhaftes Modul HM.dll, Version 1.0.0.1, Zeitstempel 0x490ab2ad, Ausnahmecode
 0xc0000005, Fehleroffset 0x000025de,  Prozess-ID 0x940, Anwendungsstartzeit 01ca87b93b28efa7.
 
Error - 29.12.2009 05:08:09 | Computer Name = Clemens-PC | Source = SPM_syslog | ID = 4100
Description = SPM_ERROR (C:\spm\spmdib.exe): Can't get display name for service:
 "SPM License Server"  (Der angegebene Dienst ist kein installierter Dienst.)
 
Error - 29.12.2009 05:08:10 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
Error - 29.12.2009 05:08:25 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
Error - 29.12.2009 05:08:46 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
Error - 29.12.2009 05:08:55 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
 
[ System Events ]
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7032
Description =
 
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 08.09.2009 16:06:51 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 08.09.2009 16:06:51 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

Wäre es nun zu empfehlen, die gleiche Prozedur mit CCleaner und Anti-Malware nochmal durchlaufen zu lassen, wegen dem erneuten Fund?

cosinus 29.12.2009 10:55
Bitte die von AntiVir gemeldete Datei und diese hier:

Zitat:
C:\Windows\SysWow64\MPCDx.ax
C:\Windows\SysWow64\RLMPCDec.ax
C:\Windows\SysWow64\FLACDX.ax
C:\Windows\SysWow64\RLAPEDec.ax
C:\Windows\SysWow64\ac3DX.ax
nacheinander bei Virustotoal.com auswerten lassen. Poste alle Ergebnislinks.

nattfoedd 29.12.2009 11:42
Gibt es einen Grund, warum ich die Dateien selbst im Verzeichnis nicht finde, sie aber definitiv vorhanden sind? (Versteckte Dateien sind in den Ordner-Optionen eingeblendet)

Konnte das Ganze jedoch umgehen, in dem ich beim Hochladen schlicht den Pfad und Dateinamen reinkopieren konnte.

Hier die VirusTotal Ergebnisse:
C:\Windows\SysWow64\MPCDx.ax <-eSafe Meldung
C:\Windows\SysWow64\RLMPCDec.ax <-eSafe Meldung
C:\Windows\SysWow64\FLACDX.ax <-eSafe Meldung
C:\Windows\SysWow64\RLAPEDec.ax <- Hier schlägt McAfee drauf an (Heuristic.LooksLike.Trojan.Crypt.ZPACK.B)
C:\Windows\SysWow64\ac3DX.ax <- Keine Meldung

Die von AntiVir gefundene C:\Users\Clemens\AppData\Local\Temp\rmoxsewanec.exe hab ich leider nach dem Fund direkt löschen lassen.

cosinus 29.12.2009 12:11
Kannst Du die Dateien verschieben, zB nach c:\backup?

nattfoedd 29.12.2009 13:21
Nein, leider werden diese Dateien anscheinend vom Windows Explorer ausgeblendet (obwohl 'versteckte Dateien anzeigen' aktiviert ist) - spaßeshalber hab ich es bereits mit Total Commander probiert, dort werden die Dateien ebenfalls nicht angezeigt.

http://bildupload.sro.at/a/thumbs/syswow64.jpg

Lediglich die auf dem Screenshot befindlichen *.ax Dateien sind im SysWow64 Verzeichnis sicht- und anwählbar.

Wenn ich den kompletten Pfad also beispielsweise C:\Windows\SysWow64\RLAPEDec.ax in die Adresszeile eingebe kann ich die Datei allerdings mit einem Programm meiner Wahl öffnen lassen - also Lese-Rechte scheine ich zu haben.

cosinus 29.12.2009 13:43
Lässt Du Dir alle Dateien anzeigen? Auch versteckte und geschützte Systemdateien?

nattfoedd 29.12.2009 14:01
Ok peinlich - könnte mir mit dem Kopf auf die Tischplatte hauen - ja, das hat ich natürlich übersehen.

Das Verschieben hat problemlos geklappt. Haben diese Dateien denn ein Bezug zur Infektion deiner Meinung nach?

cosinus 29.12.2009 14:37
Könnte sein. Hier noch 2 Kandidaten zur Auswertung:

Zitat:
C:\Windows\SysNative\drivers\XrUsb64.sys
C:\Users\Clemens\LWEXT8.cfg


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:59 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19