Pests of all kinds and how to fight them: I think I have a rootkit; the Microsoft site and antivirus sites cannot be opened! Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
12.10.2010, 12:49 | #1
I think I have a rootkit; the Microsoft site and antivirus sites cannot be opened! Hi, from the earlier posts here I gathered that I can get help here. HijackThis log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:39:21, on 12.10.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\FRITZ!DSL\IGDCTRL.EXE C:\Program Files\NanoGrid\NanoGridService.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\Windows\System32\WLTRYSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\bcmwltry.exe C:\Windows\system32\RUNDLL32.EXE C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Dell Support 
Center\bin\sprtsvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Pickel\Downloads\fsbl.exe C:\Windows\system32\taskeng.exe C:\Users\Pickel\AppData\Local\Temp\F-Secure\BlackLight\fsblsrv.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Pickel\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.115.10:3128;http=192.168.115.10:3128;https=192.168.115.10:3128;socks=192.168.115.10:1080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} 
- C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{6B771751-9D3F-4C4C-9966-AFC9ED000A63}: NameServer = 156.154.70.22,156.154.71.22 O17 - HKLM\System\CCS\Services\Tcpip\..\{B671FC90-06C5-4663-8593-574F00920C3B}: NameServer = 156.154.70.22,156.154.71.22 O17 - HKLM\System\CS1\Services\Tcpip\..\{6B771751-9D3F-4C4C-9966-AFC9ED000A63}: NameServer = 156.154.70.22,156.154.71.22 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - 
C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\Users\Pickel\AppData\Local\Temp\F-Secure\BlackLight\fsblsrv.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FTPNKF - Sysinternals - www.sysinternals.com - C:\Users\Pickel\AppData\Local\Temp\FTPNKF.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE O23 - Service: INHGRLLRMXASC - Sysinternals - www.sysinternals.com - C:\Users\Pickel\AppData\Local\Temp\INHGRLLRMXASC.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NanoGrid Installer Service (NanoGridService) - NanoByte - C:\Program Files\NanoGrid\NanoGridService.exe O23 - Service: NNAHF - Sysinternals - www.sysinternals.com - C:\Users\Pickel\AppData\Local\Temp\NNAHF.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: RPMYDYQEDYRLWCC - Sysinternals - www.sysinternals.com - C:\Users\Pickel\AppData\Local\Temp\RPMYDYQEDYRLWCC.exe O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing) -- End of file - 13011 bytes |
12.10.2010, 13:07 | #2
I actually wanted to post a GMER log as well, but during the scan the PC crashes with a bluescreen and reboots immediately.
GMER does, however, report 2 rootkit infections right at the start. I have an incomplete log about 1 MB in size that I saved before the bluescreen; if it is of any use, I will gladly upload it. A file host for this would be nice =) Edited by NathanD (12.10.2010 at 13:51)
12.10.2010, 13:17 | #3
OTL.txt
Code:
ATTFilter OTL logfile created on: 12.10.2010 14:11:34 - Run 1 OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Pickel\Downloads Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 7,72 Gb Free Space | 2,72% Space Free | Partition Type: NTFS Drive E: | 14,65 Gb Total Space | 8,46 Gb Free Space | 57,73% Space Free | Partition Type: NTFS Computer Name: PICKELJ | User Name: Pickel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Pickel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\NanoGrid\NanoGridService.exe (NanoByte) PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) 
PRC - C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.) 
========== Modules (SafeList) ========== MOD - C:\Users\Pickel\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\guard32.dll (COMODO) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (rwquju) -- File not found SRV - (agiuo) -- File not found SRV - (INHGRLLRMXASC) -- C:\Users\Pickel\AppData\Local\Temp\INHGRLLRMXASC.exe (Sysinternals - www.sysinternals.com) SRV - (FTPNKF) -- C:\Users\Pickel\AppData\Local\Temp\FTPNKF.exe (Sysinternals - www.sysinternals.com) SRV - (NNAHF) -- C:\Users\Pickel\AppData\Local\Temp\NNAHF.exe (Sysinternals - www.sysinternals.com) SRV - (RPMYDYQEDYRLWCC) -- C:\Users\Pickel\AppData\Local\Temp\RPMYDYQEDYRLWCC.exe (Sysinternals - www.sysinternals.com) SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (NanoGridService) -- C:\Programme\NanoGrid\NanoGridService.exe (NanoByte) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) 
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (AdobeActiveFileMonitor7.0) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (XDva317) -- C:\Windows\System32\XDva317.sys File not found DRV - (XDva315) -- C:\Windows\System32\XDva315.sys File not found DRV - (XDva310) -- C:\Windows\System32\XDva310.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO) DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) 
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (OA009Vid) -- C:\Windows\System32\drivers\OA009Vid.sys (Creative Technology Ltd.) DRV - (OA009Ufd) -- C:\Windows\System32\drivers\OA009Ufd.sys (Creative Technology Ltd.) DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (WebCamHelper) -- C:\Programme\AV WebCam Morpher\WebCamHelper.sys () DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - 
HKU\S-1-5-21-2454495243-2828361644-642849772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=192.168.115.10:3128;http=192.168.115.10:3128;https=192.168.115.10:3128;socks=192.168.115.10:1080 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0 FF - prefs.js..network.proxy.ftp: "192.168.115.10" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "192.168.115.10" FF - prefs.js..network.proxy.http: "192.168.115.10" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.socks: "192.168.115.10" FF - prefs.js..network.proxy.socks_port: 1080 FF - prefs.js..network.proxy.ssl: "192.168.115.10" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.23 11:12:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 11:12:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.23 11:12:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010.06.23 11:12:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010.06.23 11:12:12 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010.06.23 11:12:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010.06.23 11:12:12 | 000,000,000 | ---D | M]

[2009.10.29 00:28:28 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\mozilla\Extensions
[2010.06.08 08:13:23 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\mozilla\Firefox\Profiles\pvp4ss55.default\extensions
[2009.10.29 00:28:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pickel\AppData\Roaming\mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.01 23:15:37 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Pickel\AppData\Roaming\mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.01.07 17:43:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Pickel\AppData\Roaming\mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.12 09:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pickel\AppData\Roaming\mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.02.01 01:19:56 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\mozilla\Firefox\Profiles\pvp4ss55.default\extensions\fb_add_on@avm.de
[2010.06.30 09:34:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.31 20:50:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.02.25 00:47:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.25 00:47:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.25 00:47:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.25 00:47:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.25 00:47:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.22 10:50:44 | 000,001,087 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 194.224.66.48
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.14.69
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVFX Engine] C:\Programme\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Pickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2454495243-2828361644-642849772-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.115.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Pickel\Pictures\Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pickel\Pictures\Hintergrundbild.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{7ed87660-0503-11df-bed0-00256447ffc4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ed87660-0503-11df-bed0-00256447ffc4}\Shell\AutoRun\command - "" = F:\PlayDiskStart.exe -- File not found
O33 - MountPoints2\{ff23aabf-e303-11de-8440-00256447ffc4}\Shell - "" = AutoRun
O33 - MountPoints2\{ff23aabf-e303-11de-8440-00256447ffc4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{ff23aac4-e303-11de-8440-00256447ffc4}\Shell - "" = AutoRun
O33 - MountPoints2\{ff23aac4-e303-11de-8440-00256447ffc4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.12 11:40:29 | 000,000,000 | ---D | C] -- C:\Programme\Sophos
[2010.10.12 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\Pickel\AppData\Roaming\GetRightToGo
[2010.10.12 11:04:12 | 000,000,000 | ---D | C] -- C:\Users\Pickel\Desktop\Campus Manuscripte 2010-11
[2010.10.12 10:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.10.12 09:35:35 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010.10.12 09:31:57 | 000,000,000 | ---D | C] -- C:\Programme\COMODO
[2010.10.12 09:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010.10.12 09:18:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.10.12 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Pickel\AppData\Roaming\Malwarebytes
[2010.10.12 09:06:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.12 09:06:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.12 09:06:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.12 09:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.12 14:05:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.12 14:05:30 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010.10.12 14:04:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 14:04:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 14:04:31 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.12 14:04:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.12 14:04:26 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.12 13:49:39 | 001,349,456 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010.10.12 10:48:43 | 000,019,194 | ---- | M] () -- C:\Users\Pickel\Desktop\3.Sem_PR_und_Kommunikation_II.pdf
[2010.10.12 09:32:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.10.12 09:06:50 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.13 11:22:44 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.13 11:22:44 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.13 11:22:44 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.13 11:22:44 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.13 11:11:26 | 000,000,680 | ---- | M] () -- C:\Users\Pickel\AppData\Local\d3d9caps.dat
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.12 10:48:39 | 000,019,194 | ---- | C] () -- C:\Users\Pickel\Desktop\3.Sem_PR_und_Kommunikation_II.pdf
[2010.10.12 09:34:48 | 001,349,456 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.10.12 09:32:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.10.12 09:06:50 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.19 16:02:56 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.12.15 01:43:09 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.12.11 13:49:27 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009.12.09 16:13:39 | 000,000,032 | ---- | C] () -- C:\Windows\board2.INI
[2009.12.09 16:13:39 | 000,000,032 | ---- | C] () -- C:\Windows\board1.INI
[2009.12.07 09:12:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.10 22:31:06 | 000,000,680 | ---- | C] () -- C:\Users\Pickel\AppData\Local\d3d9caps.dat
[2009.11.09 22:30:01 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009.10.29 18:50:53 | 000,034,304 | ---- | C] () -- C:\Users\Pickel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.29 08:33:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009.10.29 08:33:57 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009.10.19 15:29:25 | 000,003,745 | ---- | C] () -- C:\Users\Pickel\AppData\Roaming\UserTile.png
[2009.09.04 14:17:47 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.04 13:48:05 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.04 13:36:24 | 000,046,392 | ---- | C] () -- C:\Windows\System32\capi2032.dll
[2009.07.26 18:10:16 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.07.26 18:10:15 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.07.26 18:01:15 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008.01.21 04:33:52 | 000,165,165 | RHS- | C] () -- C:\Windows\System32\qaahi.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000.11.29 09:50:40 | 000,471,040 | ---- | C] () -- C:\Windows\System32\QTExporter.dll
[2000.01.01 01:00:00 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2000.01.01 01:00:00 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2000.01.01 01:00:00 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2000.01.01 01:00:00 | 000,000,203 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2000.01.01 01:00:00 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2000.01.01 01:00:00 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

========== LOP Check ==========

[2010.01.19 16:07:10 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\DAEMON Tools Pro
[2010.07.06 21:32:24 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\FileZilla
[2010.01.31 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\FOG Downloader
[2010.03.25 21:28:00 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\FRITZ!
[2010.10.12 11:40:37 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\GetRightToGo
[2009.11.06 12:55:21 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\IObit
[2010.03.03 21:06:23 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\MessengerDiscovery 2
[2009.12.07 10:59:31 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\MrJobs
[2009.12.07 12:31:50 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\Netscape
[2009.10.19 15:29:25 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\PeerNetworking
[2010.01.06 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\QuickScan
[2010.03.27 15:51:46 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\TeamViewer
[2009.10.29 00:28:29 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\Thunderbird
[2010.04.28 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\TS3Client
[2009.12.07 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\Vodafone
[2010.02.07 17:29:22 | 000,000,000 | ---D | M] -- C:\Users\Pickel\AppData\Roaming\WindSolutions
[2010.10.12 14:05:30 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2010.10.12 09:33:54 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 12.10.2010 14:11:34 - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Pickel\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 7,72 Gb Free Space | 2,72% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,46 Gb Free Space | 57,73% Space Free | Partition Type: NTFS

Computer Name: PICKELJ | User Name: Pickel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2454495243-2828361644-642849772-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1E2403EE-4BCF-41B5-BAF3-518DBDECC18E}" = lport=2869 | protocol=6 | dir=in | app=system | "{28637895-7EBC-4F47-9317-EDF19125B21B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{3D252723-E985-4CB6-891B-E5DA8641ED5A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{61F77E8A-9099-4180-B4DB-E88DA2E2ECDB}" = lport=2869 | protocol=6 | dir=in | app=system | "{63B04A90-9A90-45C6-81F7-4E6C4FBC57DB}" = 
rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{890D327A-021E-44A9-9F16-BF9DBC107480}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8BB939D2-1086-453E-A1C0-32B189ACFF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2A36E51-C020-4E45-B871-BE5B095949F2}" = lport=10243 | protocol=6 | dir=in | app=system | "{D4AB631B-F116-497D-A67D-E72EF01D2C6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D60ABF28-8660-4A12-8A0C-9D5315DFA28E}" = rport=10243 | protocol=6 | dir=out | app=system | "{DB3AB4ED-9587-41C9-8116-58427644EE38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F7F4928F-3138-41D2-919E-9789F102E8B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F84EFD90-CD2C-4E35-8587-FDF244471984}" = lport=9519 | protocol=6 | dir=in | name=mecnz | "{FE91391D-27C7-4246-A7DC-02D40189E23B}" = lport=9519 | protocol=6 | dir=in | name=mecnz | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03C4F49F-42DF-4C07-8368-7F762AE94BE8}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{0BC38092-1F3A-4C48-9412-A25B70503B7D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{1931C4B5-B855-44F3-B07A-E321E8B7C607}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | "{1E90426B-58B2-4A0A-960B-857A734D6F9B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{2677E09D-6371-429D-9C11-2CB7269E9881}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{27785C64-CBE7-42E0-9B80-5E8F1B4D5C69}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{27889C85-B335-4664-8010-4E1C9CBD6738}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37696993-4398-4328-A138-750DDDB41E34}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{39DD52B3-57ED-4043-A41F-AC155D69C047}" = protocol=17 | dir=in | app=c:\program files\ken!\kickmcli.exe | "{3A6E1215-9020-448A-9A6C-77647AC607FF}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{3FF7FF6C-149A-4E21-AB62-9BF93FE8F820}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{403003BD-4DC9-419F-BB2F-934D26718155}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{44D7B235-CBD1-475E-B526-16CBC27CA114}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{517D342D-A1A1-46A3-AECE-5D1B3618609A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{61817796-47C5-4A01-94F8-9826C470801C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6CD84D5A-4F07-448D-8DEC-DA2987B42912}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{6DC1D406-55B8-45E8-8EE9-B4C78B044689}" = protocol=6 | dir=in | app=c:\program files\ken!\kentbcli.exe | "{72598B38-BFEA-44F5-A132-B491F79A5A1D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{7A303C16-A84B-4070-A74D-D80916116860}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{88AC3953-4BB9-4DBA-9584-E402B8439FBA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{9027EFCC-1572-4505-B907-E4479C27C6F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9355CD43-C123-4D09-B127-DF8D66B78A20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{975FF03E-96D8-4E1C-A76C-0667B709E3E8}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{98E393C7-A51B-451C-8C62-D2BAB9F1DF25}" = protocol=17 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9C4D5646-308D-48B5-9CEB-BF885ADBE898}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9DF5A097-7DCA-4BF1-B4F9-50B0253E8C62}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{9ECBBFEB-0D0F-43C2-9CD3-14E303BFF570}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{A03FBB17-9301-4F28-B047-E42C7A721D9E}" = protocol=6 | dir=in | app=c:\program files\ken!\kickmcli.exe | "{A60EDCF9-DFF8-4DF4-910B-47CA2CD97B6C}" = protocol=17 | dir=in | app=c:\program files\ken!\kentbcli.exe | "{BE661EA6-BC3F-43A2-9AC5-FAA0D831FD21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C60D5C7E-DD79-4026-9036-DD4DFEFFEB57}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{C807B807-FC66-4974-9551-5384024476D7}" = protocol=6 | dir=out | app=system | "{D1777571-63B7-4928-A772-C4AA067B1921}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | "{D3B78DD0-C8FD-47FC-B83D-4B3BDB8FEB1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D7A852BC-F8E9-41E2-A7FA-5EBCC7D37C8F}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{D80FE68E-A8D9-45D3-A2C5-E26B5210CC0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E3ACBB62-B569-40B9-9796-B6EDF9791E1C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB430495-D5E0-41DC-BE37-26FC4CFE5107}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{EB569680-C45B-46FF-BBA9-65F936C62FF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EBE30F98-993E-4EAB-BF69-92C4DBB5B4D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F212DF29-D231-45D4-A70A-E01B12663F37}" = protocol=6 | dir=in | app=c:\program 
files\fritz!dsl\webwaigd.exe | "{F608FC3E-3A40-419C-8F49-EB65E638F8EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{339EE996-EEDD-48E3-B477-74F10361BC1F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{7183CD06-D6FA-486B-94E5-1C8B9C770329}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{B6F120B4-9E80-47DE-A6BD-C65E92AA13A1}C:\users\pickel\desktop\fogdownloader-rom_2_1_0_1871.exe" = protocol=6 | dir=in | app=c:\users\pickel\desktop\fogdownloader-rom_2_1_0_1871.exe | "TCP Query User{BD36E805-E39C-48F8-8A2B-B8EB131722C3}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{C705C658-D6B3-479D-BF6C-B29974963957}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{D139BAFC-C521-4C04-9C6B-FA111A531A55}C:\program files\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | "TCP Query User{EDA92065-9392-4509-B2FF-D8758010BC6C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{3D31EC82-2E24-49BF-9757-EF874C40FA99}C:\users\pickel\desktop\fogdownloader-rom_2_1_0_1871.exe" = protocol=17 | dir=in | app=c:\users\pickel\desktop\fogdownloader-rom_2_1_0_1871.exe | "UDP Query User{67B63985-5ED1-4551-90DE-69948DC2B29A}C:\program files\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe | "UDP Query User{699DA8E5-1C8F-4ABA-A842-162DB4EA0F50}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query 
User{79E1397A-3B65-4D3E-AF3F-7F1B38252DCD}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{B683E624-2F48-4A39-8D3F-DAC99ACE8209}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{D29E6239-B515-41B8-9D85-7E826968CB20}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E5E8FD05-E5DC-4CEE-AD45-10D334326F22}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0933D69A-8995-41D7-A836-E148A8BDF734}_is1" = NanoTools "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{121EF407-C22A-43A3-BA61-DA735312EEC4}" = GridClicker "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio 
Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C2A03D5-1329-445F-B245-CBC600431878}" = FarmShark "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe 
MotionPicture Color Files CS4 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B47B025C-11F5-498A-8C90-0B487C78B58C}_is1" = Rappelz "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5EB5FE-1EE6-49A7-9325-A970B5563BD9}" = BBBOT "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) 
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4 "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "AV WebCam Morpher 2.0" = AV WebCam Morpher 2.0 "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "Cleaner 5 EZ" = Cleaner 5 EZ "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "Creative Live! Cam Doodling" = Creative Live! 
Cam Doodling "Creative OA009" = Integrated Webcam Driver (1.02.01.0320) "Cross Fire_is1" = Cross Fire En "Dell Webcam Central" = Dell Webcam Central "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Farm Helper" = Farm Helper v1.7 "FastImageMap_is1" = Fast Image-Map 2.2.1 "FileZilla Client" = FileZilla Client 3.2.7.1 "FreePDF_XP" = FreePDF (Remove only) "Game Booster_is1" = Game Booster "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "GoToAssist" = GoToAssist 8.0.0.514 "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "Icy Tower v1.4_is1" = Icy Tower v1.4 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaMonkey_is1" = MediaMonkey 3.2 "MessengerDiscovery 2.1_is1" = MessengerDiscovery 2.1.77 "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "NanoGrid_is1" = NanoGrid "Net Send_is1" = NetSend "Netscape (7.1)" = Netscape (7.1) "Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6) "PROPLUS" = Microsoft Office Professional Plus 2007 "RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0 "rwbfrvi" = Favorit "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3RC "Soundboard Alter Mann" = Soundboard Alter Mann 1.0 "Soundboard Nervenklinik" = Soundboard Nervenklinik 1.0 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 5" = TeamViewer 5 "TVWiz" = Intel(R) TV Wizard "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only) "VistaGlazz_is1" = VistaGlazz 1.3 "VLC media player" = VLC media player 1.0.3 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.10.2010 07:36:03 | 
Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 07:37:11 | Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 07:55:37 | Computer Name = PickelJ | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.10.2010 07:55:41 | Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 07:56:00 | Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 07:56:24 | Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 08:05:13 | Computer Name = PickelJ | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.10.2010 08:05:35 | Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 08:07:14 | Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 08:07:14 | Computer Name = PickelJ | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Broadcom Wireless LAN Events ] Error - 16.05.2010 07:47:16 | Computer Name = PickelJ | Source = WLAN-Tray | ID = 0 Description = 13:47:16, Sun, May 16, 10 Error - Unable to gain access to user store Error - 14.06.2010 00:32:39 | Computer Name = PickelJ | Source = WLAN-Tray | ID = 0 Description = 06:32:39, Mon, Jun 14, 10 Error - Unable to gain access to user store Error - 28.06.2010 03:03:33 | Computer Name = PickelJ | Source = WLAN-Tray | ID = 0 Description = 09:03:33, Mon, Jun 28, 10 Error - Unable to gain access to user store Error - 22.07.2010 10:34:35 | Computer Name = PickelJ | Source = WLAN-Tray | ID = 0 Description = 16:34:35, Thu, Jul 22, 10 Error - Unable to gain access to user store Error - 12.10.2010 03:02:51 | Computer Name = PickelJ | Source = WLAN-Tray | ID = 0 Description = 09:02:51, Tue, Oct 12, 10 Error - Unable 
to gain access to user store [ OSession Events ] Error - 14.10.2009 03:19:57 | Computer Name = PickelJ | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.10.2010 07:54:38 | Computer Name = PickelJ | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 12.10.2010 07:54:49 | Computer Name = PickelJ | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 12.10.2010 07:54:54 | Computer Name = PickelJ | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 12.10.2010 um 13:53:40 unerwartet heruntergefahren. Error - 12.10.2010 07:54:56 | Computer Name = PickelJ | Source = HTTP | ID = 15016 Description = Error - 12.10.2010 07:55:46 | Computer Name = PickelJ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 12.10.2010 08:04:16 | Computer Name = PickelJ | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 12.10.2010 08:04:25 | Computer Name = PickelJ | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 12.10.2010 08:04:29 | Computer Name = PickelJ | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 12.10.2010 um 14:03:49 unerwartet heruntergefahren. Error - 12.10.2010 08:04:31 | Computer Name = PickelJ | Source = HTTP | ID = 15016 Description = Error - 12.10.2010 08:07:43 | Computer Name = PickelJ | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > |
12.10.2010, 13:59 | #4 |
| I think I have a rootkit, Microsoft site and antivirus sites cannot be opened! Oh yes, I forgot the problem description: I can no longer open any antivirus sites, antivirus updates fail as well, Microsoft.de/com is not reachable, and MSN Messenger no longer works; I think it is all connected, though! |
12.10.2010, 14:49 | #5 |
/// Malware-holic | I think I have a rootkit, Microsoft site and antivirus sites cannot be opened! Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
12.10.2010, 18:39 | #6 |
| I think I have a rootkit, Microsoft site and antivirus sites cannot be opened! ComboFix does not work, it keeps asking for a restart! What now? |
12.10.2010, 19:12 | #7 |
/// Malware-holic | I think I have a rootkit, Microsoft site and antivirus sites cannot be opened! Download http://filepony.de/download-defogger/ and save it to your desktop. Double-click DeFogger to start the tool.
• The tool's program window opens.
• Click the Disable button to deactivate the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears,
• click OK.
• DeFogger will now ask for a reboot - click OK
• Post the defogger_disable.log here in the thread.
Do not re-enable the drivers under any circumstances before you are told to, and afterwards run ComboFix once more. |
13.10.2010, 08:39 | #8 |
| I think I have a rootkit, Microsoft site and antivirus sites cannot be opened! ComboFix log: Code:
ATTFilter ComboFix 10-10-12.03 - Pickel 13.10.2010 9:18.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.3034.1871 [GMT 2:00] ausgeführt von:: c:\users\Pickel\Downloads\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . E:\Autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2010-09-13 bis 2010-10-13 )))))))))))))))))))))))))))))) . 2010-10-13 07:30 . 2010-10-13 07:30 -------- d-----w- c:\users\Pickel\AppData\Local\temp 2010-10-13 07:30 . 2010-10-13 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-13 07:03 . 2010-10-13 07:03 4096 ----a-w- c:\windows\system32\0848A.tmp 2010-10-12 14:57 . 2010-10-12 14:57 4096 ----a-w- c:\windows\system32\0869C.tmp 2010-10-12 13:53 . 2010-10-12 13:53 4096 ----a-w- c:\windows\system32\082B6.tmp 2010-10-12 09:40 . 2010-10-12 09:40 -------- d-----w- c:\program files\Sophos 2010-10-12 09:39 . 2010-10-12 09:40 -------- d-----w- c:\users\Pickel\AppData\Roaming\GetRightToGo 2010-10-12 08:10 . 2010-10-12 08:10 -------- d-----w- c:\progra~2\WindowsSearch 2010-10-12 07:35 . 2010-10-12 07:35 -------- d-----w- C:\VritualRoot 2010-10-12 07:34 . 2010-10-13 07:23 1446800 ----a-w- c:\windows\system32\drivers\sfi.dat 2010-10-12 07:31 . 2010-10-12 07:31 -------- d-----w- c:\program files\COMODO 2010-10-12 07:30 . 2010-10-12 07:36 -------- d-----w- c:\progra~2\Comodo 2010-10-12 07:06 . 2010-10-12 07:06 -------- d-----w- c:\users\Pickel\AppData\Roaming\Malwarebytes 2010-10-12 07:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-12 07:06 . 2010-10-12 07:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-12 07:06 . 2010-10-12 07:06 -------- d-----w- c:\progra~2\Malwarebytes 2010-10-12 07:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2008-01-21 02:33 165165 --sha-r- c:\windows\System32\qaahi.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192] "AVFX Engine"="c:\program files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe" [2006-10-09 20480] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552] c:\users\Pickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288] c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-07-26 16:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk backup=c:\windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 10:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2009-12-18 10:24 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant] 2009-09-05 16:29 385024 ----a-w- c:\program files\FreePDF_XP\fpassist.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2007-01-29 19:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect] 2008-07-04 11:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NanoGrid Autostart] 2010-09-06 15:12 466944 ----a-w- c:\program files\NanoGrid\NanoGrid.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2010-01-31 18:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2007-01-29 19:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder] 2007-02-01 11:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe R2 agiuo;Shell 
Boot;c:\windows\system32\svchost.exe [2008-01-21 21504] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 135664] R2 rwquju;Windows Task;c:\windows\system32\svchost.exe [2008-01-21 21504] R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x] R3 FTPNKF;FTPNKF;c:\users\Pickel\AppData\Local\Temp\FTPNKF.exe [x] R3 INHGRLLRMXASC;INHGRLLRMXASC;c:\users\Pickel\AppData\Local\Temp\INHGRLLRMXASC.exe [x] R3 NNAHF;NNAHF;c:\users\Pickel\AppData\Local\Temp\NNAHF.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712] R3 RPMYDYQEDYRLWCC;RPMYDYQEDYRLWCC;c:\users\Pickel\AppData\Local\Temp\RPMYDYQEDYRLWCC.exe [x] R3 XDva310;XDva310;c:\windows\system32\XDva310.sys [x] R3 XDva315;XDva315;c:\windows\system32\XDva315.sys [x] R3 XDva317;XDva317;c:\windows\system32\XDva317.sys [x] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-19 691696] S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-09-10 17256] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 30112] S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] S2 NanoGridService;NanoGrid Installer Service;c:\program files\NanoGrid\NanoGridService.exe [2009-10-18 77824] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328] S2 
VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336] S2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~1\WebCamHelper.sys [2007-07-06 2688] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128] S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-06 133632] S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs agiuo rwquju . Inhalt des "geplante Tasks" Ordners 2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 10:53] 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 10:53] . . ------- Zusätzlicher Suchlauf ------- . 
uInternet Settings,ProxyServer = ftp=192.168.115.10:3128;http=192.168.115.10:3128;https=192.168.115.10:3128;socks=192.168.115.10:1080 uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 TCP: {6B771751-9D3F-4C4C-9966-AFC9ED000A63} = 156.154.70.22,156.154.71.22 TCP: {B671FC90-06C5-4663-8593-574F00920C3B} = 156.154.70.22,156.154.71.22 FF - ProfilePath - c:\users\Pickel\AppData\Roaming\Mozilla\Firefox\Profiles\pvp4ss55.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\users\Pickel\AppData\Roaming\Mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll FF - component: c:\users\Pickel\AppData\Roaming\Mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll FF - component: c:\users\Pickel\AppData\Roaming\Mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - component: c:\users\Pickel\AppData\Roaming\Mozilla\Firefox\Profiles\pvp4ss55.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Pickel\AppData\Roaming\Mozilla\Firefox\Profiles\pvp4ss55.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: 
{20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - fales FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agiuo] "ServiceDll"="c:\windows\system32\qaahi.dll" -- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rwquju] "ServiceDll"="c:\program files\Movie Maker\qaahi.dll" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:b9,12,30,a6,bb,1c,b1,77,17,10,50,b6,2a,1a,22,93,d1,49,7d,1c,d0, b7,3d,de,62,1a,e7,7c,11,bb,39,eb,51,99,73,1c,72,3d,04,da,30,60,27,68,ec,a7,\ [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:b9,12,30,a6,bb,1c,b1,77,17,10,50,b6,2a,1a,22,93,d1,49,7d,1c,d0, b7,3d,de,62,1a,e7,7c,11,bb,39,eb,51,99,73,1c,72,3d,04,da,30,60,27,68,ec,a7,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(704) c:\windows\system32\guard32.dll . Zeit der Fertigstellung: 2010-10-13 09:36:21 ComboFix-quarantined-files.txt 2010-10-13 07:36 Vor Suchlauf: 15 Verzeichnis(se), 23.087.808.512 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 23.124.422.656 Bytes frei - - End Of File - - 6CFCD9BC9EE33068374B0B4E2D330B13 Defogger disable log: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:08 on 13/10/2010 (Pickel)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=- |
13.10.2010, 11:04 | #9 |
/// Malware-holic | I think I have a rootkit, Microsoft site and antivirus sites cannot be opened! Start > Programs > Accessories > Notepad, paste in:
Killall::
Rootkit::
c:\windows\System32\qaahi.dll
Driver::
agiuo
rwquju
FTPNKF
INHGRLLRMXASC
NNAHF
RPMYDYQEDYRLWCC
Netsvc::
agiuo
rwquju
Save the file under the location where combofix.exe is, type: all files, name: cfscript.txt. Drag cfscript onto combofix, the program starts, post the log. |
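The ComboFix output above and the CFScript built from it follow a fixed layout, so the first pass of this triage can be scripted. The following is an added example, not the helper's or ComboFix's code: it parses a constructed excerpt that mirrors the log lines in this thread, flags the svchost-hosted NetSvcs services, the services launched from the user's Temp folder and the hijacked ProxyServer value, and lays the result out in the same CFScript sections as the post above. The two heuristics and the drafting are my assumptions, not ComboFix rules.

```python
"""Triage a ComboFix log excerpt and lay the findings out as a draft CFScript.

Added example for this thread, not ComboFix's or the helper's code. Both heuristics
are my assumptions: a svchost-hosted service that ComboFix lists under NetSvcs is
suspect (ComboFix omits the default entries), and so is a service whose binary sits
under ...\\AppData\\Local\\Temp\\. The per-user ProxyServer value is reported as well.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt mirroring the ComboFix log lines posted in this thread.
SAMPLE_LOG = r"""
R2 agiuo;Shell Boot;c:\windows\system32\svchost.exe [2008-01-21 21504]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 135664]
R2 rwquju;Windows Task;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 FTPNKF;FTPNKF;c:\users\Pickel\AppData\Local\Temp\FTPNKF.exe [x]
R3 NNAHF;NNAHF;c:\users\Pickel\AppData\Local\Temp\NNAHF.exe [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
agiuo
rwquju
.
uInternet Settings,ProxyServer = ftp=192.168.115.10:3128;http=192.168.115.10:3128;https=192.168.115.10:3128;socks=192.168.115.10:1080
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agiuo]
"ServiceDll"="c:\windows\system32\qaahi.dll" --
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rwquju]
"ServiceDll"="c:\program files\Movie Maker\qaahi.dll"
"""

# Service line: "R2 name;display name;path [date size]" ("[x]" when the file is gone).
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[[^\]]*\]\s*$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>.+)$")
NETSVCS_MARK = "\\Svchost - NetSvcs"
TEMP_MARKER = "\\appdata\\local\\temp\\"

def parse_combofix(text):
    """Collect service lines, the NetSvcs group, ServiceDll values and the proxy setting."""
    services, netsvcs, service_dlls, proxy = [], [], {}, None
    in_netsvcs, current_key = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            if line in (".", ""):          # ComboFix closes the group listing with "."
                in_netsvcs = False
            else:
                netsvcs.append(line)
            continue
        if line.endswith(NETSVCS_MARK):
            in_netsvcs = True
            continue
        if (m := SERVICE_RE.match(line)):
            services.append({"name": m["name"], "path": m["path"]})
        elif (m := KEY_RE.match(line)):
            current_key = m["name"]        # the next "ServiceDll" line belongs to it
        elif (m := DLL_RE.match(line)) and current_key:
            service_dlls[current_key] = m["dll"]
        elif (m := PROXY_RE.match(line)):
            proxy = m["proxy"]
    return {"services": services, "netsvcs": netsvcs,
            "service_dlls": service_dlls, "proxy": proxy}

@dataclass
class Findings:
    rootkit_dlls: list = field(default_factory=list)   # Rootkit:: entries
    drivers: list = field(default_factory=list)        # Driver:: entries
    netsvcs: list = field(default_factory=list)        # Netsvc:: entries
    proxy: str = None

def triage(parsed):
    """Apply the two heuristics from the module docstring to the parsed log."""
    f = Findings(proxy=parsed["proxy"])
    hosted = {n.lower() for n in parsed["netsvcs"]}
    for svc in parsed["services"]:
        name, path = svc["name"], svc["path"].lower()
        if path.endswith("\\svchost.exe") and name.lower() in hosted:
            dll = parsed["service_dlls"].get(name)
            if dll and dll not in f.rootkit_dlls:
                f.rootkit_dlls.append(dll)
            f.drivers.append(name)
            f.netsvcs.append(name)
        elif TEMP_MARKER in path:
            f.drivers.append(name)
    return f

def draft_cfscript(f):
    """Same section layout as the helper's script above; a human still reviews it."""
    lines = ["Killall::"]
    for header, entries in (("Rootkit::", f.rootkit_dlls), ("Driver::", f.drivers),
                            ("Netsvc::", f.netsvcs)):
        if entries:
            lines += [header] + entries
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = triage(parse_combofix(SAMPLE_LOG))
    print("ProxyServer value to verify with the user:", found.proxy)
    print(draft_cfscript(found))
```

On the constructed excerpt the draft lists both copies of qaahi.dll under Rootkit::, where the helper above only listed the System32 copy; the output is a starting point for a reviewer, not a replacement for one.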
13.10.2010, 14:06 | #10 |
| I have the following problem: I ran combofix and it went through, but fairly near the end the screensaver came on ---> sleep mode, after that several errors appeared and I had to abort combofix. Now I can access antivirus sites etc. again, but I can't run combofix any more (with defogger too, the same error as before). But I'd like to know whether anything else is wrong with the PC. Any advice? |
13.10.2010, 14:14 | #11 |
/// Malware-holic | Download combofix again and try the combofix script once more. And "some errors" is "somehow not particularly helpful": which errors? I'd like them as text, not as a screenshot. |
13.10.2010, 17:09 | #12 |
| Tried it, doesn't work; combofix still brings up the error that some files could not be installed. As for the "some errors": the PC went into hibernation, and when it came back combofix was in the "log is being created, please do not open any files" phase. However, the startup programs had opened, and then errors came that unfortunately I didn't document anywhere; I vaguely remember a password retrieve error and some access errors, which were probably caused by my firewall, which had started up and wanted to push the processes into the sandbox. When I tried to prevent that, the PC crashed. Last edited by NathanD (13.10.2010 at 17:17) |
13.10.2010, 17:54 | #13 |
/// Malware-holic | Try combofix in safe mode; if comodo interferes, just uninstall it for now. |
13.10.2010, 18:40 | #14 |
| In safe mode everything worked; the log is being created right now and will be online tomorrow around 9:00 =) |
13.10.2010, 18:45 | #15 |
/// Malware-holic | Yes, but I won't be online until later :d |