
Pests of all kinds and how to combat them: Vista Antivirus 2010

16.03.2010, 12:05   #1
Alexxi119
 
Hello

I seem to have picked up "Vista Antivirus 2010" while surfing.

I have already read through a guide on it, but I don't quite understand how I should proceed now.

Can an expert help me with this?

How do I get rid of it?
Which log files should I post?

Alex

16.03.2010, 14:26   #2
StLB
/// Helper Team
 
Which Vista do you have? The 32-bit or the 64-bit version?
The following logs would be important for further treatment:


Malwarebytes' Anti-Malware

* Download mbam-setup.exe, double-click it and click "Next" to install Malwarebytes.
* On the Update tab, please update the database version.
* On the Scanner tab, select "Perform full scan" ("Vollständigen Suchlauf durchführen") and run it with "Scan".
* When the scan has finished (it usually takes 1-2 hours), tick everything that was found and have it deleted ("Remove selected" / "Ausgewähltes entfernen").
* On the scan reports tab ("Scan-Berichte"), select and open the most recent one, then copy the log file here.


System scan with OTL by Oldtimer


* Download OTL.exe and save it to the desktop.
* Run OTL.exe ("Run as administrator" / "Als Administrator ausführen")
* In the "Extra Registry" block, please set the button to "UseSafeList"
* In addition, please tick "LOP Check" and "Purity Check".
* Then scan with "Run Scan" at the top left.
* The generated log files OTL.txt and Extras.txt can be found either on the desktop or under c:\_OTL\
* Then post both log files here for analysis.

16.03.2010, 16:40   #3
Alexxi119
 
Quote:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3872
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

16.03.2010 15:20:56
mbam-log-2010-03-16 (15-20-56).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|W:\|)
Durchsuchte Objekte: 728482
Laufzeit: 1 hour(s), 53 minute(s), 40 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\Users\Alexander\AppData\Local\av.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\Daten\**\**.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\**\**\**.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alexander\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Here is the first log; the other one will follow.
I had already done that beforehand.

The infected files, the ones where the ** are, I have had on here for quite a while; they have now been deleted as well.

At the moment the system looks clean, but you never know...
Last edited by Alexxi119 (16.03.2010 at 16:57)

16.03.2010, 16:58   #4
Alexxi119
 
I have not changed anything in the OTL text files. The only personal data to be found in them is probably just file names and the like.


I have a full version of F-Secure Internet Security 2010 installed. Is that running again now?

And what about the Windows Firewall?
It shows me there that it is on, but insecure.

And in the F-Secure settings the firewall is also on. But somehow Windows doesn't know anything about that...


Oh yes, after picking up this Vista Antivirus 2010 I first ran a scan with F-Secure, but the report did not appear and the reports file contained something old.

After that a restart, then I ran this Malwarebytes and restarted, and now the OTL.


What I noticed is that all of a sudden Internet Explorer was the default browser again, instead of Firefox.

What else on the system is damaged?

(Sorry for the long quadruple posts, but it didn't all fit into one)

16.03.2010, 17:01   #5
Alexxi119
 
OTL.txt
Quote:
OTL logfile created on: 16.03.2010 16:43:11 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = I:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 38,01 Gb Free Space | 38,92% Space Free | Partition Type: NTFS
Drive D: | 50,04 Gb Total Space | 42,57 Gb Free Space | 85,08% Space Free | Partition Type: NTFS
Drive E: | 150,01 Gb Total Space | 14,17 Gb Free Space | 9,45% Space Free | Partition Type: NTFS
Drive F: | 90,25 Gb Total Space | 44,84 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive G: | 145,72 Gb Total Space | 4,81 Gb Free Space | 3,30% Space Free | Partition Type: NTFS
Drive H: | 2,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 9,74 Gb Total Space | 1,04 Gb Free Space | 10,66% Space Free | Partition Type: NTFS
Drive J: | 20,00 Gb Total Space | 1,62 Gb Free Space | 8,11% Space Free | Partition Type: NTFS
Drive W: | 368,10 Gb Total Space | 367,96 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: ALEX-NEUER
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.16 16:42:02 | 000,556,032 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2010.03.01 17:04:01 | 000,055,992 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe
PRC - [2010.02.05 13:45:16 | 000,385,856 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010.02.03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.01.27 17:09:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.12.28 14:47:58 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe
PRC - [2009.12.26 22:42:59 | 000,356,960 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\Anti-Virus\fsav32.exe
PRC - [2009.12.26 22:42:40 | 000,619,616 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\Anti-Virus\fssm32.exe
PRC - [2009.12.26 22:42:40 | 000,480,352 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2009.12.17 17:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- D:\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.12.17 11:23:54 | 000,272,896 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2009.11.11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.10.27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.09.30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2009.09.24 14:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009.09.19 03:17:56 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.09.19 03:17:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.25 18:17:16 | 007,723,552 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.07.26 16:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.07.09 10:34:54 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\Common\FSM32.EXE
PRC - [2009.07.09 10:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\Common\FSMA32.EXE
PRC - [2009.07.09 10:34:52 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\Common\FSHDLL32.EXE
PRC - [2009.07.09 10:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.21 14:19:54 | 000,092,168 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Gaming Software\LWEMon.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- E:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.03.17 17:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.21 03:24:44 | 002,585,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
PRC - [2008.01.21 03:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.11.19 03:19:36 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007.07.26 12:18:18 | 000,768,528 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2007.07.26 12:16:12 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\LBTWiz.exe
PRC - [2007.07.26 12:15:56 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe
PRC - [2007.07.26 12:14:28 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2007.01.29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006.12.05 17:30:06 | 000,450,560 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2004.06.09 15:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE


========== Modules (SafeList) ==========

MOD - [2010.03.16 16:42:02 | 000,556,032 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
MOD - [2009.07.09 10:34:16 | 000,330,336 | ---- | M] () -- \\?\c:\program files\f-secure\hips\fshook32.dll
MOD - [2009.04.11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.11 16:47:15 | 002,462,256 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\rswin_3648.dll -- (Akamai)
SRV - [2010.03.01 17:04:01 | 000,055,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010.02.06 10:12:41 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.05 18:32:07 | 000,946,180 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2010.01.01 12:30:01 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.28 14:47:58 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.12.17 17:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.09.19 03:17:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.09 10:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.07.09 10:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.26 12:15:56 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.12.30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.12.30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.12.26 22:43:21 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009.12.26 22:42:52 | 000,107,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009.12.24 09:26:25 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.24 09:26:25 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.19 05:31:54 | 005,157,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.25 12:26:36 | 002,758,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.08.23 15:00:52 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.08.13 09:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009.07.09 10:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.07.09 10:33:14 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009.07.09 10:33:02 | 000,035,680 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2009.07.09 10:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009.07.09 10:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009.07.09 10:31:22 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.03 11:21:36 | 000,168,448 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.02.03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.01.13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.06.12 13:04:12 | 000,036,496 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.06.12 13:04:06 | 000,035,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.02.08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2007.01.04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.02.26 16:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.schuelervz.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 2B FF 0B E7 86 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cobra11games.de/news.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..keyword.URL: "http://www.google.de/#hl=de&source=hp&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2010.01.12 13:06:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.14 10:24:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.03 18:05:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.09 16:45:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.02.03 18:05:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.14 10:24:11 | 000,000,000 | ---D | M]

[2010.01.24 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions
[2010.01.24 14:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.16 09:31:34 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\x48jxdjy.default\extensions
[2009.12.23 20:01:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\x48jxdjy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.09 17:47:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\x48jxdjy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 19:12:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\x48jxdjy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.31 11:01:50 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\x48jxdjy.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010.02.16 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\x48jxdjy.default\extensions\fsonlinescanner@f-secure.com
[2010.02.27 19:18:09 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\x48jxdjy.default\extensions\moveplayer@movenetworks.com
[2010.03.13 16:18:03 | 000,003,915 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\x48jxdjy.default\searchplugins\sweetim.xml
[2010.03.09 16:45:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.27 17:09:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.27 17:09:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.27 17:09:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.27 17:09:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.27 17:09:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LiveZilla] D:\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [LaunchList] C:\Programme\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: moove.com ([]* in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.04 11:47:15 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.19 13:01:46 | 003,659,264 | R--- | M] (Synetic) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.08.18 18:09:42 | 000,000,049 | R--- | M] () - H:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{5ce207d0-f25b-11de-9c8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ce207d0-f25b-11de-9c8e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2009.10.19 13:01:46 | 003,659,264 | R--- | M] (Synetic)
O33 - MountPoints2\{7e70b1af-ef30-11de-8de4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e70b1af-ef30-11de-8de4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.03.16 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2010.03.16 12:27:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.16 12:27:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.16 12:27:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.03.16 12:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.13 16:19:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.03.13 10:57:02 | 000,000,000 | -HSD | C] -- C:\Users\Alexander\Phone Browser
[2010.03.10 18:19:11 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.10 18:19:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.10 17:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{CDA9FCB1-946B-4A89-A0DD-B238EAEB3D37}
[2010.03.09 17:49:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\dwhelper
[2010.03.09 16:45:55 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.03.09 16:45:55 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.03.09 16:45:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.03.09 16:45:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.03.09 16:45:33 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.03.06 10:52:13 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.03.06 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Google
[2010.02.27 19:19:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Move Networks
[2010.02.24 16:55:03 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.02.24 16:54:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.24 16:54:50 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.24 16:54:50 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.24 16:54:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.24 16:54:49 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.24 16:54:49 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.24 16:54:49 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 16:54:49 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.24 16:54:49 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.24 16:54:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.02.24 16:54:46 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.02.24 16:54:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.02.24 16:54:45 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.02.20 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\skypePM
[2010.02.20 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Skype
[2010.02.20 13:39:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.02.20 13:39:40 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.02.20 13:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.02.19 17:46:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Blender Foundation
[2010.02.16 19:32:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\NOKIA Sicherungen
[2010.02.16 19:23:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PCSuite
[2010.02.16 19:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.02.16 14:59:12 | 000,000,000 | ---D | C] -- C:\CBS_online
[2010.02.16 14:57:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2009.12.24 10:07:55 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe172A.dll
[7 C:\Users\Alexander\Documents\*.tmp files -> C:\Users\Alexander\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.16 16:43:34 | 005,242,880 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT
[2010.03.16 15:57:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.16 15:31:36 | 001,449,154 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.16 15:31:36 | 000,628,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.16 15:31:36 | 000,597,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.16 15:31:36 | 000,126,890 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.16 15:31:36 | 000,105,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.16 15:25:58 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.16 15:25:52 | 000,005,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.16 15:25:52 | 000,005,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.16 15:25:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.16 15:25:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.16 15:25:48 | 3753,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.16 15:24:46 | 004,613,399 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010.03.16 15:24:46 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.16 15:24:46 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.16 14:26:35 | 000,008,892 | -HS- | M] () -- C:\Users\Alexander\AppData\Local\nSVDb4q65iE
[2010.03.16 12:27:34 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.13 12:41:15 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.03.10 17:55:14 | 000,000,584 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Server Admin.lnk
[2010.03.10 17:55:14 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk
[2010.03.09 16:45:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.03.09 16:45:37 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.03.09 16:45:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.03.09 16:45:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.03.06 11:10:47 | 000,239,370 | ---- | M] () -- C:\Users\Alexander\Documents\Schulbus-HaltestellenWesseling.pdf
[2010.03.06 10:55:30 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.03.06 10:53:02 | 000,001,356 | ---- | M] () -- C:\Users\Alexander\AppData\Local\d3d9caps.dat
[2010.03.04 17:54:20 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\FT Box Creator.net 5 starten.lnk
[2010.03.02 18:20:33 | 000,367,104 | ---- | M] () -- C:\Users\Alexander\Documents\JK-Nennformular2010.doc
[2010.02.27 10:25:25 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.02.25 16:44:03 | 000,115,424 | ---- | M] () -- C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.25 16:42:29 | 000,417,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.21 00:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.02.21 00:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.02.20 13:42:59 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.02.20 13:39:41 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.02.20 10:45:17 | 000,053,248 | ---- | M] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.19 18:25:11 | 000,443,455 | ---- | M] () -- C:\Users\Alexander\Documents\Kart-Spaß.skp
[2010.02.19 18:24:05 | 000,442,821 | ---- | M] () -- C:\Users\Alexander\Documents\Kart-Spaß.skb
[2010.02.18 17:43:47 | 000,314,555 | ---- | M] () -- C:\Users\Alexander\Documents\Erdkunde-Wüsten.pdf
[2010.02.18 17:41:18 | 000,258,048 | ---- | M] () -- C:\Users\Alexander\Documents\Erdkunde-Wüsten.pub
[2010.02.16 19:23:47 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.02.16 18:58:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.02.16 14:59:10 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\CBS_Client_AS3_005.lnk
[7 C:\Users\Alexander\Documents\*.tmp files -> C:\Users\Alexander\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.16 12:27:34 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.16 11:24:48 | 000,008,892 | -HS- | C] () -- C:\Users\Alexander\AppData\Local\nSVDb4q65iE
[2010.03.10 17:55:14 | 000,000,584 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Server Admin.lnk
[2010.03.10 17:55:14 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk
[2010.03.06 11:10:47 | 000,239,370 | ---- | C] () -- C:\Users\Alexander\Documents\Schulbus-HaltestellenWesseling.pdf
[2010.03.06 10:55:30 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.03.06 10:52:17 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.06 10:52:16 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.04 17:54:20 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\FT Box Creator.net 5 starten.lnk
[2010.03.02 18:20:32 | 000,367,104 | ---- | C] () -- C:\Users\Alexander\Documents\JK-Nennformular2010.doc
[2010.02.20 13:42:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.20 13:39:41 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.02.19 18:25:11 | 000,442,821 | ---- | C] () -- C:\Users\Alexander\Documents\Kart-Spaß.skb
[2010.02.19 18:24:05 | 000,443,455 | ---- | C] () -- C:\Users\Alexander\Documents\Kart-Spaß.skp
[2010.02.18 17:43:46 | 000,314,555 | ---- | C] () -- C:\Users\Alexander\Documents\Erdkunde-Wüsten.pdf
[2010.02.18 17:31:35 | 000,258,048 | ---- | C] () -- C:\Users\Alexander\Documents\Erdkunde-Wüsten.pub
[2010.02.16 19:23:47 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.02.16 18:58:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.02.16 14:59:10 | 000,000,735 | ---- | C] () -- C:\Users\Public\Desktop\CBS_Client_AS3_005.lnk
[2010.01.27 16:36:25 | 000,000,179 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\setup.log
[2010.01.27 16:36:22 | 000,000,760 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\setup_ldm.iss
[2010.01.11 17:32:43 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.01.11 17:32:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.01.11 17:32:42 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.11 17:32:42 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.01.11 17:32:40 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.04 12:08:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\DVResampleru.dll
[2010.01.04 11:59:39 | 000,000,024 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2010.01.04 11:47:14 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2010.01.04 11:47:14 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2010.01.04 11:47:14 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2010.01.04 11:47:14 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2010.01.04 11:47:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2009.12.27 19:41:26 | 000,053,248 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 18:27:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009.12.27 18:27:49 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009.12.27 18:27:45 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.12.27 12:26:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.26 22:39:48 | 000,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2009.12.26 21:12:15 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.12.26 21:04:04 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.12.26 21:04:04 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.12.26 20:42:59 | 000,001,356 | ---- | C] () -- C:\Users\Alexander\AppData\Local\d3d9caps.dat
[2009.12.24 10:46:08 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.12.24 10:46:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.12.24 10:46:06 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.24 10:46:06 | 000,000,227 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.12.24 10:46:06 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.12.24 10:46:06 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.12.24 09:26:25 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.24 09:26:25 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.11 20:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010.02.19 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Blender Foundation
[2010.02.12 16:17:53 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\F-Secure
[2010.02.12 10:16:35 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ICQ
[2010.02.20 10:44:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Nokia
[2009.12.23 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Notepad++
[2010.02.14 10:31:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\PC Suite
[2009.12.24 09:15:14 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ProtectDisc
[2009.12.28 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TeamViewer
[2010.01.24 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Thunderbird
[2010.03.16 15:24:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP73C9AB3
< End of report >
Sorry, but somehow all of this did not fit into one post, so it is now a bit jumbled.


16.03.2010, 17:02   #6
Alexxi119

Vista Antivirus 2010

Extras.txt
Quote:
OTL Extras logfile created on: 16.03.2010 16:43:11 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = I:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 38,01 Gb Free Space | 38,92% Space Free | Partition Type: NTFS
Drive D: | 50,04 Gb Total Space | 42,57 Gb Free Space | 85,08% Space Free | Partition Type: NTFS
Drive E: | 150,01 Gb Total Space | 14,17 Gb Free Space | 9,45% Space Free | Partition Type: NTFS
Drive F: | 90,25 Gb Total Space | 44,84 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive G: | 145,72 Gb Total Space | 4,81 Gb Free Space | 3,30% Space Free | Partition Type: NTFS
Drive H: | 2,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 9,74 Gb Total Space | 1,04 Gb Free Space | 10,66% Space Free | Partition Type: NTFS
Drive J: | 20,00 Gb Total Space | 1,62 Gb Free Space | 8,11% Space Free | Partition Type: NTFS
Drive W: | 368,10 Gb Total Space | 367,96 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: ALEX-NEUER
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FFADDD-FE71-4612-872E-50E455AE0213}" = lport=445 | protocol=6 | dir=in | app=system |
"{081EF8FC-E2A9-4254-9F4D-D34495B19367}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{0FD4A7DE-DB28-45C6-9188-FD328FCC35EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1435D00B-81F1-4F1F-8811-4AEACE784BA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{26030643-5004-497B-881A-83E0983C15FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39E3A03A-31BB-4EC7-AA7D-09C6FAB53068}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A754385-5392-4505-A96D-65DEAE1505EB}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{606EB302-634D-4090-9194-9B257E7B9BA8}" = lport=137 | protocol=17 | dir=in | app=system |
"{7050B1F6-8990-4C34-A6F9-9B6A5F1164BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7BF7E4BF-826E-4C65-BB78-42AE9BAA792A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D9CB900-6C13-4424-801F-6CEB86FB02DC}" = rport=138 | protocol=17 | dir=out | app=system |
"{C27B1A22-1B93-4A1B-BAFA-EAAF5508C7BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC27CF40-3C74-49A3-8C6E-CA25DE446A76}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server |
"{D201EEE3-F3E9-4933-A2EB-2B98E1A1E652}" = rport=445 | protocol=6 | dir=out | app=system |
"{D41A569D-4B57-4B06-A391-F10395DF8D9F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D87C3160-CB22-4426-B670-4FD131932A2F}" = lport=139 | protocol=6 | dir=in | app=system |
"{F611D137-072F-4DB0-8453-98204FB7AF42}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1058ED22-982C-4A5E-A6E5-2F94333CEA6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14E4B708-2B25-4124-90A9-A76854B428EB}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{2291C1B2-9C21-4691-8228-CDA631139FA2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{2F3AEF04-D121-4638-AC9C-3BEC1EFCA1E0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{40321A70-B59E-4CF2-99FA-B254AC81DFE5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{558DCBF6-B963-4619-9B43-5B118865DA97}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{5D47C185-3073-4278-A403-ADFD3A066B7E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5D7AC33C-4F13-4961-B138-F649A1993091}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\zerogear.bat |
"{5ED95234-792B-4C4C-A618-6B040AC72708}" = protocol=17 | dir=in | app=d:\teamviewer\version5\teamviewer.exe |
"{6328C82E-F23D-484D-8428-B75E684961C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6803388C-BE4C-42C2-B4EE-1BBC499F622B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6DCA3043-64D9-44FA-93A8-AAA413521A76}" = protocol=6 | dir=in | app=d:\teamviewer\version5\teamviewer.exe |
"{6FC19D42-1462-4E1F-91A5-F02CB12E4276}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{707D34A9-75D3-4ED7-A0F2-6F6689946528}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7851F75C-4D9B-47AA-A20E-B69A7B1A394D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{7BC35D4D-FD0E-4B7F-858B-7A6A38B659A3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7C2B1A1E-A3A1-46C9-B1E7-6A8BD263F33C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{859CD832-5D53-40C9-AEB2-9897BB6C6F9C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{8D60298D-0CF2-43E5-B990-1BC7E52F5CE2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{91665015-C3F2-48FA-A05C-D3C41BF1D2DF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{916FC344-1141-491C-BDB4-ED08F7DFD62F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93153ACA-9D91-4592-90C7-A3EE016A2FCC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2.exe |
"{9521D51A-2224-4012-A272-5F49FD73A557}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AAB6E152-B9B7-496F-B237-3F035C69B644}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{AEAECFD3-8D3F-450A-8560-E1B1B9B98C82}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BD713415-AA7B-43AD-BBC2-441376ECED6C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C2CCFB4F-88A8-4424-938B-C7311109C24B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{C9385EA7-4981-465E-8E66-F2B16F3372E3}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{CD7358F2-DE9B-492A-9720-01CCA3BB3E91}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{D619BEAE-EC17-47A0-A476-6F45711CC3EB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D71E6C85-C5D1-4669-ABD7-BF8AC3B45EF9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D74D41B1-99BD-4053-893C-BC591EABF347}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E12EEE79-191A-478C-BCBA-9E737461D073}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{E16EB72F-5766-4F85-B121-25919946CE3A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2.exe |
"{E4FC9D16-0D65-4A7C-9984-696027779186}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\zerogear.bat |
"{E609B3EC-E80D-46AF-853D-0CACE890B579}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EFC7759A-2F2E-4F66-BFCC-9524EA4667DE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{F0AC887C-0A36-48DB-9718-E24E2CB29C0C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{F7DCAB1E-126A-49DE-96BC-E8C3F4CCF20A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{0190000A-A5F5-41EE-9E20-BE784015214C}" = City Bus Simulator 2010 - New York
"{02EB6BB9-2A29-B5FA-DF9D-A45383A21C9C}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A902DF4-B767-49DB-98D3-D413E6F1E703}" = World of Subways Vol.2
"{0EA7F867-D362-2E76-77B8-9396B9245B66}" = CCC Help Finnish
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP980_series" = Canon MP980 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16CF7BB1-672E-BC9F-E5CE-5854112E2C35}" = CCC Help Japanese
"{1700FEE9-EB3D-35C8-28ED-0BE7860BA710}" = CCC Help Portuguese
"{190CCE82-4867-B16E-F96A-3F21A058ED9B}" = CCC Help Korean
"{1920228C-C2FF-4869-B6F4-7740CFC02848}" = City Bus Simulator 2010 - New York Truck
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20189739-3D05-B905-D8AF-195CEE2E52E7}" = Skins
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250F0B5E-E926-C628-B639-FD1432A850EC}" = ATI AVIVO Codecs
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{280E47E4-4EFB-D268-B042-F793EB2D8E4E}" = CCC Help Italian
"{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"{2A7D1710-31EB-3B24-BF52-1755099CE2C0}" = CCC Help Chinese Traditional
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FDD2C1F-1CB2-8BD2-44E8-552993BEC04F}" = CBS_Client_AS3_005
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A6B7222-A439-1BBE-58DD-76D1B632EEA8}" = CCC Help Turkish
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{3F7BBDE9-79B4-4E77-B878-7E6B36F3A766}" = CCC Help French
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4835B10F-61D4-E60C-860D-DF71C93FDC37}" = ATI Catalyst Install Manager
"{484EE870-ACAD-4520-88D5-9F465881238E}" = ATI Problem Report Wizard
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF37701-7E02-873F-9543-183116AC905C}" = CCC Help Danish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74315B2B-5CBA-4748-B749-DABF3AA333D5}" = Studio 11
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A587AD7-EDEF-BD63-C054-5E5FBC47105C}" = CCC Help Russian
"{82130914-DF2E-4AD3-BC73-5DC2A180924C}" = CCC Help Thai
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{88F066D3-5662-95C4-AE4E-D39174ED8F43}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{9DFC3864-1C52-E552-B039-09AE59F35801}" = CCC Help Swedish
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A43C0289-EE84-FEC7-595D-A6F8489B2C44}" = CCC Help Polish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77B5C97-77AD-54E9-FB97-52F0A9EF72AC}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E2EA3-D999-D8A0-7C6F-DF451DF9135C}" = CCC Help Greek
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B08201F3-AE80-58C6-E832-7DF5B87795FB}" = CCC Help Hungarian
"{B569ACCD-8F95-53CE-AF51-70CB8EA34656}" = CCC Help German
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B9BDD486-EF12-B0BC-1C88-B3046092A8BD}" = CCC Help Chinese Standard
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CED2C398-A03E-A70D-6894-78C79C501296}" = CCC Help Czech
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{EE96B6C8-3660-3B5E-AC95-843CDF03D613}" = Microsoft Visual Basic PowerPacks 1.2
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F175273F-6F15-23E2-1DF9-D2A8DD477502}" = CCC Help Norwegian
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Ant Renamer 2_is1" = Ant Renamer
"Audacity_is1" = Audacity 1.2.6
"BroadCam" = BroadCam Video Streaming Server
"BurningWheels" = Cobra 11 - Burning Wheels (remove only)
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"Canon MP980 series Benutzerregistrierung" = Canon MP980 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.example.CBS-Client-AS3-005.F05E47E782939A7E052A8D3EC499392F3220F2E0.1" = CBS_Client_AS3_005
"CrashTime" = Cobra 11 - Crash Time (remove only)
"Debut" = Debut Video Capture Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"FerrariVR" = Ferrari Virtual Race (remove only)
"FileZilla" = FileZilla (remove only)
"Fraps" = Fraps (remove only)
"F-Secure Product 444" = F-Secure Internet Security 2010
"FTBoxCreator5_is1" = FT Box Creator.net 5
"FTPicturesnet4_is1" = FT Pictures.net 4
"German Truck Simulator" = German Truck Simulator 1.00
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"InstallShield_{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"InstallShield_{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"LHTTSGED" = L&H TTS3000 Deutsch
"LiveZilla" = LiveZilla
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NSIS" = Nullsoft Install System
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PROPLUSR" = Microsoft Office Professional Plus 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ST6UNST #1" = SD-SIGN Barkasse 2
"Steam App 12840" = DiRT 2
"Steam App 18820" = Zero Gear
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamViewer 5" = TeamViewer 5
"TicketCreator_is1" = TicketCreator 5.1.18
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.8.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"05f6d70a2ede6f48" = BOS-Car
"e13a94d545c52bd5" = BOS-AGT
"f46f7273aaf2d4a1" = BOS-DME
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.03.2010 10:01:40 | Computer Name = Alex-Neuer | Source = Google Update | ID = 20
Description =

Error - 14.03.2010 07:32:37 | Computer Name = Alex-Neuer | Source = WinMgmt | ID = 10
Description =

Error - 14.03.2010 07:36:05 | Computer Name = Alex-Neuer | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 04:20:05 | Computer Name = Alex-Neuer | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 04:58:14 | Computer Name = Alex-Neuer | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.0.0.1211 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 158c Anfangszeit: 01cac4e1e57458f8 Zeitpunkt der Beendigung:
2192

Error - 16.03.2010 05:46:50 | Computer Name = Alex-Neuer | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.0.0.1211 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1934 Anfangszeit: 01cac4e6d0bd0e78 Zeitpunkt der Beendigung:
3492

Error - 16.03.2010 07:17:55 | Computer Name = Alex-Neuer | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1 2010-03-16 12:17:55+02:00 ALEX-NEUER ALEX-NEUER\Alexander F-Secure
Anti-Virus Crash detected.

Error - 16.03.2010 07:22:26 | Computer Name = Alex-Neuer | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 10:01:40 | Computer Name = Alex-Neuer | Source = Google Update | ID = 20
Description =

Error - 16.03.2010 10:27:27 | Computer Name = Alex-Neuer | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 06.03.2010 06:07:44 | Computer Name = Alex-Neuer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.02.2010 07:02:21 | Computer Name = Alex-Neuer | Source = Service Control Manager | ID = 7000
Description =

Error - 06.02.2010 07:06:56 | Computer Name = Alex-Neuer | Source = Service Control Manager | ID = 7000
Description =

Error - 06.02.2010 07:12:52 | Computer Name = Alex-Neuer | Source = Service Control Manager | ID = 7000
Description =

Error - 06.02.2010 11:24:23 | Computer Name = Alex-Neuer | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.02.2010 um 16:22:56 unerwartet heruntergefahren.

Error - 07.02.2010 07:33:20 | Computer Name = Alex-Neuer | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.02.2010 um 12:29:32 unerwartet heruntergefahren.

Error - 07.02.2010 07:52:28 | Computer Name = Alex-Neuer | Source = BROWSER | ID = 8032
Description =

Error - 07.02.2010 09:12:32 | Computer Name = Alex-Neuer | Source = Service Control Manager | ID = 7000
Description =

Error - 07.02.2010 09:15:55 | Computer Name = Alex-Neuer | Source = Service Control Manager | ID = 7000
Description =

Error - 07.02.2010 09:16:57 | Computer Name = Alex-Neuer | Source = BROWSER | ID = 8032
Description =

Error - 07.02.2010 11:16:30 | Computer Name = Alex-Neuer | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.02.2010 um 16:15:15 unerwartet heruntergefahren.


< End of report >

Alt 16.03.2010, 19:14   #7
StLB
/// Helper Team
 

The logs show no findings; next steps:


1.) Rootkit scan with GMER
  • Please proceed according to the instructions above.
  • Then post the contents of the log file here.

2.) Please download CKScanner

Important: Save the file to the desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • Then click Save List To File.
  • A box will pop up telling you that the file has been saved (file saved).
  • Open CKFiles.txt on your desktop and post its contents here.
__________________
Regards, Julian

No support via PM!

Donation option: Make a Donation

Alt 17.03.2010, 21:36   #8
Alexxi119
 

Well, I simply had to abort this rootkit scan across all hard drives. It had been running for such an incredibly long time.

I'll post what I have so far... tomorrow!

Alt 18.03.2010, 13:42   #9
f-secure.de
 

Hello Alexxi119,

StLB's advice is definitely heading in the right direction. A rootkit seems very likely and also fits the pattern of rogue AV software. The GMER log mentioned by StLB can help here, as can Autoruns.

To analyze the problem further, we need more information, and for that we would need your help. If you decide to go ahead, open a support ticket at: Contact Technical Support, and then forward the ticket's SR-ID to us. To analyze the problem further, we then need GMER and Autoruns logs. Download both programs and run them according to the instructions:

Diagnostic tool GMER:
Download: GMER - Rootkit Detector and Remover

- Unpack the program
- Start it
- Click "Scan"
- As soon as the scan has finished, click "Save"
- Enter the name "GMER-LOG" for the log and select "Desktop" as the save location.

Diagnostic tool "AutoRuns":
Download: Autoruns for Windows

- Unpack the file
- Start the application "Autoruns.exe"
- Note: not the file "Autorunsc.exe"
- Wait a moment there until everything has been read in
- Click "Save" (floppy disk icon) and save the file "AutoRuns.arn".

Then please pack the files "GMER-LOG" and "AutoRuns.arn" into a ZIP file and send it to us by e-mail.

We hope we were able to help you. If you have further questions, feel free to contact us.

Best regards,
Your F-Secure support team

18.03.2010, 17:00   #10
Alexxi119
 

So, as mentioned, I ran this rootkit scan on all hard drives.

But it took so long that I also had to switch the PC off at some point.

This log is at http://www.alex.cobra11games.de/GMER_Log.txt
As I said, aborted after 3 hours or more. All hard drives.

I will now do these things again and post them here, or send them to F-Secure

And this CKScanner output the following:

Quote:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\pinnacle\studio 11\plugins\rtfx\3dserver\filtersplus3d\crackedslab3d.xml
scanner sequence 3.NA.11
----- EOF -----
(http://www.alex.cobra11games.de/ckfiles.txt)

And this ARN file:
http://www.alex.cobra11games.de/AutoRuns.arn

Last edited by Alexxi119 (18.03.2010 at 17:14)
