
Pests of all kinds and how to fight them: Trojan (via MSN): Backdoor:Win32/IRCbot.gen!M

15.09.2010, 21:26   #1
Komodo3000

Hi,
I caught this Trojan via MSN from a friend...
Unfortunately I was dumb enough to run the link, and Windows also warns me that this Trojan is present on the PC. The problem is that I have little to no knowledge of this sort of thing and would be really grateful if someone could help me.
In another thread on the same topic I already read what I should post, so I'll start with the HijackThis result.

I have Windows Vista and an ASUS laptop, with AntiVir as antivirus software...


HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:16, on 15.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Users\Public\nvsvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1ca2c0c7ae1e685) (gupdate1ca2c0c7ae1e685) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: DVM Meta Data Export Service (MDES) - DeviceVM - C:\ASUS.SYS\DVMExportService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\RWTH OpenVPN Client\bin\openvpnserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 
--
End of file - 8903 bytes
Please help quickly, I'm desperate...
Thanks

15.09.2010, 21:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

A cleanup can sometimes mean a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to; that makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. A format is usually the quicker and always the safest way.
If you decide on a cleanup, keep cooperating until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".



Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.
15.09.2010, 21:57   #3
Komodo3000

So the Malwarebytes scan is running right now and seems to need a while longer.

In the meantime I have a few questions:
I have Kubuntu as a second operating system on the laptop... is that automatically affected too, or are they isolated from each other?

And further: should I change all passwords as a precaution once we (hopefully) get this problem under control?

And 3rd: as you have already seen, I'm new here in the forum. So I registered here when I already had the Trojan, and I chose an unimportant e-mail address. Are the passwords saved in Firefox "in danger"?

To be on the safe side I'm using IE at the moment because no passwords are saved in it.

Edit: as in the other thread, I turned on showing hidden files and currently see the suspicious file P18943431.JPG-www.facebook.exe on the desktop. I don't know whether it helps, but I thought it might be worth pointing out...

Thanks
Last edited by Komodo3000 (15.09.2010 at 22:05)

16.09.2010, 07:47   #4
Komodo3000

Here is the Malwarebytes result:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4623

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

16.09.2010 08:44:34
mbam-log-2010-09-16 (08-44-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 489997
Laufzeit: 2 Stunde(n), 21 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Sebastian\Desktop\P18943431.JPG-www.facebook.exe (Worm.Palevo) -> No action taken.



Should I remove both of them? I assume so, but I'll wait for an answer first.
Edit: I've removed them now after all.

Last edited by Komodo3000 (16.09.2010 at 08:08)
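Two items in this thread are textbook indicators: the HijackThis O4 autorun from post #1 that starts C:\Users\Public\nvsvc32.exe under the display name "NVIDIA driver monitor", and the double-extension desktop file P18943431.JPG-www.facebook.exe that Malwarebytes classified as Worm.Palevo. The Python triage script below is an added example, not part of the thread and not code from HijackThis, OTL or Malwarebytes; it applies three heuristics (user-writable launch directory, vendor-like name outside Program Files/Windows, document or image extension hidden in an executable's name) to a constructed subset of the logged O4 lines, and holiday.jpg is a made-up benign control file.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a subset of the O4 autorun lines from the HijackThis log in
# post #1, plus two Desktop files (the first is the one Malwarebytes flagged, the second
# is a harmless control entry made up for this example).
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe',
    r'O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide',
    r'O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"',
    r'O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Users\Public\nvsvc32.exe',
]
SAMPLE_FILES = [
    r'C:\Users\Sebastian\Desktop\P18943431.JPG-www.facebook.exe',
    r'C:\Users\Sebastian\Desktop\holiday.jpg',
]

# "O4 - <hive>..\Run: [<display name>] <command line>" (HijackThis and OTL share this shape)
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\S*\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# First executable on the command line: a quoted path, or an unquoted run up to the extension.
PATH_RE = re.compile(r'"[^"]+"|\S.*?\.(?:exe|scr|com|pif|bat|cmd|vbs|js)\b', re.I)
EXEC_EXT = {'.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js'}
# Directories any user can write to; legitimate machine autoruns almost never live there.
USER_WRITABLE = re.compile(r'\\(?:users\\public|appdata|temp|tmp|desktop|downloads|programdata)\\', re.I)
# Roots that normally need admin rights to write to.
TRUSTED_ROOTS = re.compile(r'^(?:[a-z]:\\(?:windows|program files[^\\]*)\\|%(?:programfiles|systemroot|windir)%\\)', re.I)
# Vendor words that malware likes to borrow for its display name.
VENDOR_WORDS = ('nvidia', 'microsoft', 'windows', 'intel', 'adobe', 'google', 'realtek')
# A document/image extension buried in the stem of an executable, e.g. "photo.JPG-www.example.exe".
DECOY_EXT = re.compile(r'\.(?:jpe?g|png|gif|bmp|pdf|docx?|txt|mp3|avi)(?=[.\-_ ]|$)', re.I)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def reasons_for(path: str, display_name: str = '') -> list:
    """Heuristic flags for one executable path; an empty list means nothing looked odd."""
    filename = path.replace('/', '\\').rsplit('\\', 1)[-1]
    stem, dot, ext = filename.rpartition('.')
    if not dot or ('.' + ext.lower()) not in EXEC_EXT:
        return []                      # only executables are judged
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append('runs from a user-writable directory')
    if DECOY_EXT.search(stem):
        reasons.append('executable disguised with a document/image extension')
    lowered = display_name.lower()
    if any(w in lowered for w in VENDOR_WORDS) and not TRUSTED_ROOTS.match(path):
        reasons.append('vendor-like display name but path outside Program Files/Windows')
    return reasons


def triage_autoruns(lines) -> list:
    """Parse O4 lines and return a Finding for each entry that trips at least one heuristic."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group('cmd'))
        if not p:
            continue                   # e.g. OTL's "File not found" entries
        path = p.group(0).strip('"')
        reasons = reasons_for(path, m.group('name'))
        if reasons:
            findings.append(Finding(m.group('hive'), m.group('name'), path, reasons))
    return findings


if __name__ == '__main__':
    for f in triage_autoruns(SAMPLE_O4_LINES):
        print(f'{f.hive} [{f.name}] {f.path}\n    ' + '\n    '.join(f.reasons))
    for file in SAMPLE_FILES:
        print(file, '->', reasons_for(file) or ['nothing odd'])
```

Entries that pass the heuristics are not proven clean; the script only ranks what a helper should look at first, as cosinus does by eye in this thread.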

16.09.2010, 07:59   #5
Komodo3000

OTL.Txt
OTL logfile:
Code:
OTL logfile created on: 16.09.2010 08:52:58 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\Sebastian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 40,54 Gb Free Space | 17,41% Space Free | Partition Type: NTFS
Drive D: | 110,83 Gb Total Space | 110,68 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOPBASTI
Current User Name: Sebastian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\ASUS.SYS\DVMExportService.exe (DeviceVM)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe File not found
SRV - (Akamai) -- c:\program files\common files\akamai\rswin_3746.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Program Files\RWTH OpenVPN Client\bin\openvpnserv.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MDES) -- C:\ASUS.SYS\DVMExportService.exe (DeviceVM)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 15:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 15:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.18 18:16:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.23 21:47:09 | 000,000,000 | ---D | M]
 
[2009.09.02 12:00:13 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2010.09.15 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\ucpc4yyg.default\extensions
[2010.02.02 21:28:56 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\ucpc4yyg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.09.10 13:45:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\ucpc4yyg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.05.16 17:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.04.22 21:12:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.16 17:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.11 18:01:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.11 18:01:14 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.11 18:01:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.11 18:01:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.11 18:01:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Users\Public\nvsvc32.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Waterfall.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Waterfall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.29 22:27:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.16 08:51:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2010.09.15 22:35:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Malwarebytes
[2010.09.15 22:35:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.15 22:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.15 22:35:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.15 22:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.15 22:34:53 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sebastian\Desktop\mbam-setup.exe
[2010.09.15 22:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.09.15 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.09.15 19:37:10 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2010.09.15 11:03:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.02 17:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010.08.23 22:33:20 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\No23 Recorder
[2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Sebastian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Sebastian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Sebastian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Sebastian\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.16 08:55:44 | 005,242,880 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT
[2010.09.16 08:51:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2010.09.16 08:44:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.16 08:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.16 06:28:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.16 06:28:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.15 23:57:52 | 000,000,186 | -H-- | M] () -- C:\dvmexp.idx
[2010.09.15 22:35:40 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.15 22:35:04 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sebastian\Desktop\mbam-setup.exe
[2010.09.15 22:31:51 | 000,000,811 | ---- | M] () -- C:\Users\Sebastian\Desktop\CCleaner.lnk
[2010.09.15 22:19:01 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.15 22:07:23 | 000,001,881 | ---- | M] () -- C:\Users\Sebastian\Desktop\HijackThis.lnk
[2010.09.15 21:56:34 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.15 21:56:28 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.15 21:56:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.15 21:55:44 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.15 21:54:32 | 006,291,456 | -H-- | M] () -- C:\Users\Sebastian\AppData\Local\IconCache.db
[2010.09.15 21:40:47 | 000,082,432 | RHS- | M] () -- C:\Users\Sebastian\Desktop\P18943431.JPG-www.facebook.exe
[2010.09.15 19:42:13 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{096919DB-92D4-426E-8403-9BC1A775BB72}.job
[2010.09.15 19:31:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{3ee2d5c6-eef6-11de-a5fe-00248c8a9550}.TMContainer00000000000000000001.regtrans-ms
[2010.09.15 19:31:39 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{3ee2d5c6-eef6-11de-a5fe-00248c8a9550}.TM.blf
[2010.09.14 13:35:09 | 001,458,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.14 13:35:09 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.14 13:35:09 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.14 13:35:09 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.14 13:35:09 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.09 17:08:42 | 000,000,666 | ---- | M] () -- C:\Users\Sebastian\Documents\openvpn-win-fulltunnel.ovpn
[2010.08.30 22:59:48 | 000,055,096 | ---- | M] () -- C:\Users\Sebastian\Documents\liste.docx
[2010.08.23 23:04:22 | 000,001,475 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\RecConfig.xml
[2010.08.23 21:47:09 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
 
========== Files Created - No Company Name ==========
 
[2010.09.15 22:35:40 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.15 22:31:51 | 000,000,811 | ---- | C] () -- C:\Users\Sebastian\Desktop\CCleaner.lnk
[2010.09.15 22:07:23 | 000,001,881 | ---- | C] () -- C:\Users\Sebastian\Desktop\HijackThis.lnk
[2010.09.15 21:40:46 | 000,082,432 | RHS- | C] () -- C:\Users\Sebastian\Desktop\P18943431.JPG-www.facebook.exe
[2010.09.15 21:37:39 | 000,000,186 | -H-- | C] () -- C:\dvmexp.idx
[2010.09.09 17:08:41 | 000,000,666 | ---- | C] () -- C:\Users\Sebastian\Documents\openvpn-win-fulltunnel.ovpn
[2010.08.30 22:59:47 | 000,055,096 | ---- | C] () -- C:\Users\Sebastian\Documents\liste.docx
[2010.08.23 22:56:16 | 000,001,475 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\RecConfig.xml
[2010.07.17 23:42:22 | 000,023,888 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\UserTile.png
[2010.04.13 20:01:16 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.04.13 19:57:12 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.01.05 20:35:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.01.05 20:35:41 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.18 16:49:58 | 000,000,680 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat
[2009.11.04 22:07:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.24 14:45:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.22 20:54:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.02 18:17:25 | 000,131,072 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.07 06:32:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2008.10.28 23:16:00 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008.10.24 15:13:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 04:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.05.12 05:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\lame_enc.dll
[2007.06.12 19:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\ogg.dll
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\no23xwrapper.dll
< End of report >
--- --- ---

Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 16.09.2010 08:52:58 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\Sebastian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 40,54 Gb Free Space | 17,41% Space Free | Partition Type: NTFS
Drive D: | 110,83 Gb Total Space | 110,68 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOPBASTI
Current User Name: Sebastian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068DAC93-6FE7-4F24-9575-A0D3CEAC244E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0F71E9E6-3E19-45ED-BF2B-ADDBB5933698}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{2E20FD33-3FF0-4926-AFA0-844BBFDFDDF3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E3AAA48-FFD5-4B5A-869F-3AA328C50C9B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{58ACEEC2-6627-4E56-A6CE-F6F6A6217955}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{596EAAC6-DB46-4D49-9DD7-A4A474B88042}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E6A841E-2034-4D2E-813C-8A882A09D1A5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{60E71BBB-5BBD-48FF-B487-9A3060533A5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96FB29FC-C9A9-4796-8B5A-C754E3D316ED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AC647FD1-583E-4A25-8118-71C30BD44FBC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B58A8E33-6BE3-42C8-B9F7-5539FCB1290E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B6EEEA57-ACB6-4FEC-AB54-11E2C11A4A38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B786A16D-B6F0-426F-8DE4-7B085FC3DE1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DB47062A-B896-44C4-AF60-128BA10098DF}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface | 
"{EAFD6C48-DC82-42BF-BBD2-5D4AA90DA437}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F945B4C0-692A-4C5E-9E5D-624C9C5AFE9B}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104D69F5-3C29-46E9-88F9-91BA98F03849}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{1126EA93-4BC2-4D07-BA34-C1F6C6048DAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15DCED88-5F97-4F27-8D10-565A831ACAF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{21F11BD9-ABFF-44B9-9D5B-B2EC9AD4CE08}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{259A4EED-1F55-4C05-AC77-95052AB8A0D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E1A5EC3-7C49-4697-846C-6FE43E6BD0B5}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{331D55EE-147E-4DAE-9D27-C2AC6E296B88}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{37956E3E-DEA9-4A46-982C-7E886BA1F0DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4750D48D-A203-4A77-BA6C-E87C4346C2D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{47797B90-5865-497D-B67F-B6DCAF4F7D6A}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{480BDFB6-E62A-4394-ABCE-451B419B1849}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{563A8791-3E1B-4B4A-8CA4-167AD4BC9964}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{60B60D71-97AF-4EF8-8497-9F342EEB8ECC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{60B67D57-5564-4BFB-B29F-DF9590209229}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{65B95721-813A-4388-BE02-158518997EF8}" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6E48DD96-47C1-4569-96AE-767348536DA3}" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7B41AAAE-8017-4624-8758-357EE1BE5A17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8795C3F6-7C56-43A5-80D8-99D481931B5E}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{97F06800-0AA7-4841-BBE2-EF6040D53219}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{AA677040-3519-459F-97F8-347E40776A35}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{AE99F0BB-89C5-42EE-BD20-7130D8C2831B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B13B67D3-2DD0-47BC-BE9B-BAB373F7EDAE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{BBD5155C-5F52-46CA-99DD-954491BE3342}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BD044710-58A6-4EF9-9B5E-AD33194B2CB3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D5CB8F0C-7053-44D0-861D-DD037C398A26}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D759CB13-2639-4E56-98D4-58CB9DC22353}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{D9609C96-85E2-445E-9CEB-0D281C74F5C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E2CC1CE0-6E14-40B6-9E9F-D19257B3EF34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F0ECFB8F-D047-479A-A0F5-8A8E1C5C932A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F28208E7-D32D-4CD7-B6AB-441A296BEBD3}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{F2AFCCC3-02C9-4FA8-BA15-494984AFE3BC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{1116372E-C181-4102-BAA7-E46F29189EB5}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"TCP Query User{116B0D11-4F9A-4C04-A7D9-73DB70C44DE5}C:\users\sebastian\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\blobby\volley.exe | 
"TCP Query User{3F4CF36C-8400-4982-B75C-8A62A3A97837}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{77B03121-2E1F-49B2-ADF8-C57F2A6FA90D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{77E3C4F7-19E4-4CC0-BB91-F8E5AAB5E7A8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9904AA3A-4BF0-47D9-B820-AA6C922F3FD0}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{B702047E-637B-489A-8ED1-A19AE5ED1503}C:\program files\ugs\nx 5.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=c:\program files\ugs\nx 5.0\ugii\ugraf.exe | 
"TCP Query User{B8784346-DA31-4A66-BEB2-91A8C13B3AF5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{B9FABA7A-54B1-49EE-BF87-792C0C3F7FBF}C:\program files\microsoft office outlook connector\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office outlook connector\heroes of newerth\hon.exe | 
"TCP Query User{CD113291-EE78-4207-90BC-A8D4205E677C}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{DFC92CD1-C579-4433-8163-AECB1CCAF93B}C:\program files\phonostar\hon.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\hon.exe | 
"UDP Query User{28324BE1-9DE4-4722-8C95-8872964970A9}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{3EC172AB-6547-4F97-802D-94A73258EBEA}C:\program files\ugs\nx 5.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=c:\program files\ugs\nx 5.0\ugii\ugraf.exe | 
"UDP Query User{462B964A-BA42-4AB5-8249-9A8E25FCBDAD}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"UDP Query User{674E34CF-23CE-453A-ADDB-70A4E02D0D43}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{6E86CAC0-2125-4804-A485-74E949A7ED6B}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{77D481F5-71FB-46D1-955D-D8B961CD05FC}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{9C1658FC-E6A0-4C7F-9CEA-DB5DBE168E38}C:\users\sebastian\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\blobby\volley.exe | 
"UDP Query User{BA426BDE-F8DD-47A1-B3A9-C343FD793AA2}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D70B34D3-60AC-48AB-95BA-99590DE62389}C:\program files\phonostar\hon.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\hon.exe | 
"UDP Query User{F2176239-4B1F-4E56-A2CF-581B43A6A2DB}C:\program files\microsoft office outlook connector\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office outlook connector\heroes of newerth\hon.exe | 
"UDP Query User{F49ACDA6-CFFE-4AD2-9C4C-6BA795AB7E69}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005B94DC-2954-CC01-27C4-2D369D037EE0}" = CCC Help Polish
"{024AA2AC-FFA9-1806-6BB5-B7725E81B133}" = CCC Help Greek
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{067CA42C-B66D-9995-041D-39A998AC0DB9}" = CCC Help Japanese
"{078B7B83-4F8E-30F3-1F6C-27CB7A58B34F}" = CCC Help Portuguese
"{07AD1E36-8AF3-54AA-3ADF-757FF315BA0B}" = Catalyst Control Center Graphics Previews Vista
"{0849C3F0-2084-8CBF-3C7C-ADBBE2F4C885}" = Catalyst Control Center InstallProxy
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0C3D4387-58C3-03FA-9250-E80587ED1970}" = Catalyst Control Center Localization French
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0EE024E4-7A22-5C59-CB86-D2163B4A5940}" = Catalyst Control Center Graphics Full Existing
"{0F3C61B5-3051-4DE6-8A6A-45100BCC1F41}" = Dolby Control Center
"{12E6E331-91E3-2964-5E42-FD5101EC1924}" = Skins
"{13303431-D0FE-AA95-BEBB-DD936E89129D}" = CCC Help French
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{179AF346-87A7-047D-3034-08D379B06512}" = Catalyst Control Center Localization Danish
"{180C2A98-E757-3FE1-9118-3106F696AD64}" = CCC Help Finnish
"{1821904F-DAD2-ADF5-8F1C-32AA87DA9099}" = CCC Help Thai
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
"{1B003CCD-DD4C-C45A-5E64-CF2F677735E4}" = Catalyst Control Center Localization Hungarian
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20E2C98F-37F6-3AEE-3EEB-0817E40C1B5E}" = Catalyst Control Center Localization Thai
"{214B35FA-D554-BA98-C46D-8543CE723D59}" = Catalyst Control Center Localization Turkish
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23990464-BE2A-1041-2436-A9EA742B84D4}" = Catalyst Control Center Graphics Light
"{2480C7AD-DD7D-26B4-E4A0-04CAC853ADAF}" = Catalyst Control Center Localization Greek
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28F5F2A0-6A42-FB10-9468-8218592804A6}" = CCC Help Italian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F8C0EC4-ECCE-35D3-163D-B1BE983C902E}" = Catalyst Control Center Localization Japanese
"{308A38F5-3061-64FE-698C-9E30BE7AE7F4}" = Catalyst Control Center Localization Dutch
"{37B93E3B-991E-0E7E-DD8E-F5836622397F}" = ATI Catalyst Install Manager
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39758F7A-E763-917E-E7BE-081561D0D9AB}" = CCC Help Norwegian
"{3A438F62-00EE-4422-906B-6D9E107FC33F}" = Serif DrawPlus X2
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B939E1F-6E91-D459-1876-685B0C152704}" = Catalyst Control Center Localization Swedish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DD0A3FE-82C3-3DF4-019F-2F1F71032830}" = ccc-core-static
"{4E765B16-84C0-40FD-A33D-D58CC7C75603}" = UGS NX 5.0
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{58C613C0-74A9-2753-FDDB-7E250DA1A775}" = CCC Help Chinese Standard
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62CF8923-31DC-4285-A23C-17CE5AA6A679}" = Express Gate
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64F12E84-C845-6131-ACC4-71E884E58D32}" = Catalyst Control Center Localization Italian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B8C292E-38D1-70BC-200B-08A855200B56}" = Catalyst Control Center Localization Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E17E13-EE46-1D1A-7240-C9B17FA07A58}" = CCC Help Hungarian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DE5AA66-A8CE-8689-2A1A-C7D679EDD038}" = CCC Help Chinese Traditional
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010
"{804EC25F-031C-692F-9FEF-F9EC6E9A5BFF}" = CCC Help Swedish
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{88E9BEAC-B245-9C4E-C4F0-F5D8918CF8E8}" = CCC Help Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{946383CC-B47D-4817-A4D9-03F4E76A9003}" = Serif DrawPlus X2 Ressourcen
"{94F29521-B6BB-ADBF-183A-4DEFD1CB123A}" = Catalyst Control Center Localization Korean
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{976AF33B-E8BB-968F-D2E9-2956ECCDB695}" = Catalyst Control Center Localization Spanish
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A01320F-7C1D-8B61-B96D-6F62C0662B62}" = Catalyst Control Center Localization Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9CC5470D-6C5A-4835-8CDE-CD590FB26329}" = UGS NX 5.0 Documentation
"{9DCFC564-606E-424F-8A1C-56DD14908AF6}" = Serif PhotoPlus X2
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A13F629F-58F2-4820-81AC-356956B4AF08}" = CCC Help Danish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B8FB6E-2D93-EA96-41D2-0A8DE245463E}" = ccc-utility
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8AE28A8-7A3C-DA73-B71B-F0E1E934184F}" = Catalyst Control Center Localization Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding
"{AC18C2B2-32A3-1405-4404-7A299E804D53}" = Catalyst Control Center Localization Czech
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACA1C809-F50A-B6EA-B7AE-D1E46ABDDF15}" = Catalyst Control Center Graphics Previews Common
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF389D43-5DE7-39F6-947B-985F0F722E2F}" = CCC Help Spanish
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AFE40488-240F-311D-65AB-C5081016DD5A}" = Catalyst Control Center Localization German
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B50A4BE8-906F-5E89-825D-7A194F77F915}" = Catalyst Control Center Localization Russian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional
"{C49EE0A6-96F1-D141-EFB8-525930D8E3F0}" = CCC Help Korean
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5245592-6EB6-9D13-55FE-D360A9F5CC97}" = CCC Help Turkish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CDC072CD-AB8C-6958-DE84-6FA2236E973C}" = CCC Help German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2D58C26-6BF8-5203-340E-190CF5B7E23B}" = CCC Help Dutch
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D86BEAB5-9A12-E681-2B27-14F45D78439E}" = Catalyst Control Center Graphics Full New
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DBBA3B20-3D85-6426-F00A-F8AFA81D581C}" = Catalyst Control Center Localization Polish
"{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart
"{DD2D3F4B-BF4F-85C9-1A0F-913D80407B2E}" = Catalyst Control Center Localization Finnish
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3455E2A-A26D-0632-D088-6ACC10C1F9F8}" = CCC Help English
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2724B69-2CAF-E4F8-A05D-82D858970092}" = Catalyst Control Center Localization Chinese Standard
"{F2C6DD1F-B4ED-A876-8B1D-293A1760C1F8}" = CCC Help Russian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC1F75C6-760C-4F4B-912F-1F213C4F7550}" = UGS NX 5.0 CAST
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE875E53-A922-87D5-DF74-E030D41C54D7}" = Catalyst Control Center Core Implementation
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Inventor 2010" = Autodesk Inventor Professional 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DWG TrueView 2010" = DWG TrueView 2010
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"FL Studio 9" = FL Studio 9
"Google Updater" = Google Updater
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"InfraRecorder" = InfraRecorder
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NirSoft ShellExView" = NirSoft ShellExView
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.5
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"PokerStars.net" = PokerStars.net
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"reFX Nexus 1.3.7_is1" = reFX Nexus 1.3.7
"RWTH OpenVPN Client" = RWTH OpenVPN Client 2.1_rc19c
"Sakura" = Sakura
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Toxic Biohazard" = Toxic Biohazard
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.09.2010 04:25:32 | Computer Name = LaptopBasti | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.09.2010 09:39:18 | Computer Name = LaptopBasti | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.09.2010 09:57:54 | Computer Name = LaptopBasti | Source = RasClient | ID = 20227
Description = 
 
Error - 04.09.2010 09:59:46 | Computer Name = LaptopBasti | Source = RasClient | ID = 20227
Description = 
 
Error - 05.09.2010 09:45:21 | Computer Name = LaptopBasti | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2010 11:39:21 | Computer Name = LaptopBasti | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2010 11:41:06 | Computer Name = LaptopBasti | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: f58  Anfangszeit: 01cb4dd996121907  Zeitpunkt
 der Beendigung: 31
 
Error - 07.09.2010 06:09:06 | Computer Name = LaptopBasti | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 07:00:03 | Computer Name = LaptopBasti | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 18:22:35 | Computer Name = LaptopBasti | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 15.09.2010 13:38:36 | Computer Name = LaptopBasti | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.09.2010 15:37:54 | Computer Name = LaptopBasti | Source = bowser | ID = 8003
Description = 
 
Error - 15.09.2010 15:42:26 | Computer Name = LaptopBasti | Source = WinDefend | ID = 3006
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
 wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt.    Weitere Informationen
 finden Sie hier:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!M&threatid=134169

	Scan-ID:
 {935255EC-A6A3-4D66-AC7B-58F04FE84C17}      Benutzer: LaptopBasti\Sebastian     Name: Backdoor:Win32/IRCbot.gen!M

	ID:
 134169     Schweregrad-ID: 5     Kategorie-ID: 6     Pfad:      Warnungsart: %%805     Aktion: %%811     Fehlercode:
 0x80508024     Fehlerbeschreibung: Zum Abschluss der Entfernung von Spyware und anderer
 unerwünschter Software müssen Sie einen vollständige Überprüfung ausführen. Informationen
 zu Scanoptionen finden Sie unter "Hilfe und Support". 
 
Error - 15.09.2010 15:56:04 | Computer Name = LaptopBasti | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.09.2010 um 21:53:47 unerwartet heruntergefahren.
 
Error - 15.09.2010 15:57:19 | Computer Name = LaptopBasti | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.09.2010 15:57:19 | Computer Name = LaptopBasti | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.09.2010 15:57:19 | Computer Name = LaptopBasti | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.09.2010 16:00:30 | Computer Name = LaptopBasti | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.09.2010 16:05:17 | Computer Name = LaptopBasti | Source = WinDefend | ID = 3006
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
 wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt.    Weitere Informationen
 finden Sie hier:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!M&threatid=134169

	Scan-ID:
 {D245634A-0C5E-4209-ADDD-234CB2283640}      Benutzer: LaptopBasti\Sebastian     Name: Backdoor:Win32/IRCbot.gen!M

	ID:
 134169     Schweregrad-ID: 5     Kategorie-ID: 6     Pfad:      Warnungsart: %%805     Aktion: %%811     Fehlercode:
 0x80508024     Fehlerbeschreibung: Zum Abschluss der Entfernung von Spyware und anderer
 unerwünschter Software müssen Sie einen vollständige Überprüfung ausführen. Informationen
 zu Scanoptionen finden Sie unter "Hilfe und Support". 
 
Error - 16.09.2010 02:50:49 | Computer Name = LaptopBasti | Source = bowser | ID = 8003
Description = 
 
 
< End of report >


17.09.2010, 00:16   #6
Komodo3000

I hope someone answers me, because in the meantime the situation has changed...
Specifically, I have restored Windows with the recovery CD that came with the laptop. Now I want to make really sure that the damn thing is not still hiding somewhere. It would be great if someone could tell me some methods for that, then I would not have to bother you any more.

PS: I did not want to open a new thread just for this, hopefully that is OK.

Thanks again

17.09.2010, 10:33   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If you have done a recovery, the pests are definitely gone!
__________________
Please always post logfiles in CODE tags

17.09.2010, 11:13   #8
Komodo3000

OK, that is also supported by the fact that MSN works flawlessly again.
Thanks for the help!!!
