| |
| |||||||
Log-Analyse und Auswertung: Problem mit IDE/SATA-FetsplattenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
10.06.2011, 16:49
| #1 |
 |  Problem mit IDE/SATA-Fetsplatten Hallo Wie so viele habe ich mir auch etwas eingefangen. Habe das gleiche Problem. http://www.trojaner-board.de/100072-...tgestellt.html Ich habe einen OTL log und bitte um Hilfe. Code:
ATTFilter OTL logfile created on: 10.06.2011 17:25:22 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = E:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,96% Memory free 6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 73,77 Gb Free Space | 49,49% Space Free | Partition Type: NTFS Drive D: | 139,28 Gb Total Space | 120,37 Gb Free Space | 86,42% Space Free | Partition Type: NTFS Drive E: | 1,89 Gb Total Space | 1,88 Gb Free Space | 99,51% Space Free | Partition Type: FAT Computer Name: HOLZWURM | User Name: irarref575 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools) PRC - C:\Users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Windows\System32\ASUSTPE.exe (ASUS) PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe () PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (SafeList) ========== MOD - E:\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () ========== Driver Services (SafeList) ========== DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.) DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.) DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "t-online.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.06.05 20:40:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010.09.03 20:51:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.02 07:34:34 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 12:45:57 | 000,000,000 | -H-D | M] [2010.12.10 20:36:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Extensions [2010.12.10 20:36:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.05.24 21:35:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions [2010.04.29 08:36:44 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.04 17:26:35 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.03 12:46:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.05.03 12:46:16 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} File not found (No name found) -- [2010.09.03 20:51:24 | 000,000,000 | ---D | M] (LG Air Sync) -- C:\PROGRAM FILES\LG ELECTRONICS\LG PC SUITE IV\LINKAIR\{00ADD29A-66F4-4F22-BCC0-4C1D29DA647B} () (No name found) -- C:\USERS\IRARREF575\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3T7EDO9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.05.02 07:34:32 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 05:08:00 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation) O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\irarref575\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\irarref575\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell - "" = AutoRun O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe O33 - MountPoints2\{59da691c-0366-11df-8447-00235484469c}\Shell\AutoRun\command - "" = I:\Menu.exe O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell - "" = AutoRun O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell\AutoRun\command - "" = E:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.10 16:42:47 | 000,000,000 | ---D | C] -- C:\Users\irarref575\AppData\Roaming\Malwarebytes [2011.06.10 16:42:39 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.06.10 16:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.06.10 16:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.10 16:42:34 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.06.10 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.06.09 16:20:46 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore [2011.06.01 08:18:14 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\irarref575\AppData\Roaming\pcouffin.sys [2011.06.01 08:18:14 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Vso [2011.06.01 08:18:14 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\Documents\PcSetup [2011.06.01 08:16:02 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.26 10:58:47 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\PDF24 [2011.05.26 10:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2011.05.26 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2011.05.23 23:05:02 | 000,016,896 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\System32\drivers\FlashUSB.sys [2011.05.23 23:05:02 | 000,000,000 | -H-D | C] -- C:\ifx [2011.05.23 23:02:06 | 000,000,000 | -H-D | C] -- C:\LG_USB [2011.05.23 22:16:56 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2011.05.23 22:16:56 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2011.05.23 22:16:56 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box [2011.05.23 22:16:11 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\Apps [2011.05.23 22:16:10 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\Deployment [2011.05.23 22:10:09 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\Documents\OneNote-Notizbücher [2011.05.23 13:44:46 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\vlc [2011.05.12 16:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.06.10 17:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.10 17:03:00 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.06.10 17:02:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.10 17:02:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.10 17:02:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.10 17:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.10 17:02:09 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys [2011.06.10 16:42:39 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.10 16:38:52 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.10 16:38:52 | 000,637,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.10 16:38:52 | 000,147,244 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.10 16:38:52 | 000,120,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.09 16:44:41 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~39968504r [2011.06.09 16:44:41 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~39968504 [2011.06.09 16:20:47 | 000,000,600 | -H-- | M] () -- C:\Users\irarref575\Desktop\Windows Vista Restore.lnk [2011.06.09 16:20:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39968504 [2011.06.09 11:05:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.06.08 22:30:04 | 000,120,320 | -H-- | M] () -- C:\Users\irarref575\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.01 08:18:14 | 000,087,608 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\inst.exe [2011.06.01 08:18:14 | 000,047,360 | -H-- | M] (VSO Software) -- C:\Users\irarref575\AppData\Roaming\pcouffin.sys [2011.06.01 08:18:14 | 000,007,887 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.cat [2011.06.01 08:18:14 | 000,001,144 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.inf [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.23 23:00:09 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini [2011.05.23 22:59:58 | 000,000,774 | -H-- | M] () -- C:\Users\irarref575\Desktop\LGMobile update.lnk [2011.05.23 22:16:32 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2011.05.23 22:16:30 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2011.05.23 08:12:04 | 000,000,680 | -H-- | M] () -- C:\Users\irarref575\AppData\Local\d3d9caps.dat ========== Files Created - No Company Name ========== [2011.06.10 16:42:39 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.09 16:20:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~39968504r [2011.06.09 16:20:48 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~39968504 [2011.06.09 16:20:47 | 000,000,600 | -H-- | C] () -- C:\Users\irarref575\Desktop\Windows Vista Restore.lnk [2011.06.09 16:20:34 | 000,000,336 | -H-- | C] () -- C:\ProgramData\39968504 [2011.06.01 08:18:14 | 000,087,608 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\inst.exe [2011.06.01 08:18:14 | 000,007,887 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.cat [2011.06.01 08:18:14 | 000,001,144 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.inf [2011.01.23 21:16:45 | 000,000,680 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\d3d9caps.dat [2010.09.16 23:35:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010.09.16 23:35:32 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010.09.03 21:26:52 | 000,038,214 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2010.06.29 06:34:58 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys [2009.08.26 09:31:31 | 002,707,563 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\NMM-MetaData.db [2009.06.22 21:18:01 | 000,256,158 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\mdbu.bin [2009.05.31 21:46:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.31 21:46:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.03.12 00:57:00 | 000,013,855 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\UserTile.png [2009.03.01 19:23:19 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2009.01.15 00:36:02 | 000,000,098 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\fusioncache.dat [2009.01.02 19:17:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009.01.02 18:30:01 | 000,120,320 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.11 01:24:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.11.11 01:19:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2008.11.11 01:19:06 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2008.11.11 01:19:03 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2008.11.10 23:57:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.10 23:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.04.16 13:11:34 | 000,678,092 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 13:11:34 | 000,147,244 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.03.09 15:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.03.04 13:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.02.28 04:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,406,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,637,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,120,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.02.25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL ========== LOP Check ========== [2009.01.05 21:09:03 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools [2009.01.05 20:56:31 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools Lite [2009.01.05 21:09:03 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools Pro [2011.03.09 10:01:50 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\FRITZ! [2011.01.12 20:23:28 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\FUJIFILM [2010.09.17 00:01:33 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\ML [2009.06.05 11:35:26 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Mp3tag [2009.06.05 10:54:55 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Nokia [2009.06.05 10:41:02 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\PC Suite [2009.03.12 00:57:00 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\PeerNetworking [2011.01.28 21:43:34 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Teleca [2010.12.10 20:36:33 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\TomTom [2011.06.01 08:18:15 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Vso [2011.06.10 17:01:20 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.20 16:46:06 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DAC806BD-EA5E-43F7-A13C-BF225E18D1DF}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.06.2011 17:25:22 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,96% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 73,77 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 120,37 Gb Free Space | 86,42% Space Free | Partition Type: NTFS
Drive E: | 1,89 Gb Total Space | 1,88 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Computer Name: HOLZWURM | User Name: irarref575 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A2323B-8220-4716-B91A-8011D873DBD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{1336F39A-AFAC-4DB6-A290-FF12B67734C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FBB7E3B-3312-47F7-B997-300235CD3663}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A96E6D3-C280-4997-BC71-D9155CEC4794}" = rport=138 | protocol=17 | dir=out | app=system |
"{45553A84-5EB7-4383-8845-3FBF5FAFD6C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45E483D3-CB34-4D49-BF3C-1089B225F3AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C05F9B7-CF2D-41DF-8D71-66BA40B7C85A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52D05BB7-D592-457A-9BBE-F9BA99C3D687}" = lport=139 | protocol=6 | dir=in | app=system |
"{601D63A7-F111-4CA0-B58B-C7CEB746D8A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{78E2D20C-A5AD-424B-A96D-D1D411E0E28C}" = rport=137 | protocol=17 | dir=out | app=system |
"{797061C8-B8F8-4BF7-95FB-F0D36C5B79C7}" = lport=445 | protocol=6 | dir=in | app=system |
"{93920541-E658-4EAF-A897-C3A4F51A5495}" = lport=137 | protocol=17 | dir=in | app=system |
"{96CE9379-8C59-4124-AC74-BDFEED0E6E6B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9735E29B-085B-44FA-9CCE-D1FB110C1051}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A8A09511-E36E-47C2-A72A-A9CEE2B68B1C}" = rport=139 | protocol=6 | dir=out | app=system |
"{AF6E000A-F7C0-4C5F-ACBF-527232BC9145}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BA00EA41-CEF6-480D-ACA2-8B17CF031788}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D84069AA-D67E-488D-BE97-0EE796EDC0FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E3A0E6F3-0573-4AD2-B46C-F3D6C9563E85}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B89225-D4D3-4AA4-898A-5F30872F2AF2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{1974B17D-9FCF-4978-80CF-BC580DEF4771}" = protocol=6 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{32A42354-83D6-4999-A6A4-D93EE4F6F8D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43FB0FC8-798F-4510-8931-85AAAF4EC93C}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{48D36D0C-1463-428F-A7BE-FC373E667899}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{524F97C3-658D-4C69-81C8-C7CFD6BECD76}" = protocol=17 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{584796A8-8E57-494D-AFAD-20F90E6A3E14}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FC8016D-D74D-46F6-BF48-E51FB10295CA}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{71819097-990E-418B-AEB0-D25150E08CA2}" = protocol=17 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{73D5A79B-882D-47E7-8D9D-5ABD72627C71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{775FCAEC-D7E7-4C91-B569-B72421394B38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7AB0479E-AD45-4723-8C26-ACB13507CD41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C2220E9-041F-4A7B-8086-BFD3BD31885D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{831B8E3C-EBA1-4351-9B60-FA681B5EFF57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9CF141DC-A75F-43C4-8DD1-775E44C7919A}" = protocol=6 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{CEB49EC0-0ECF-4212-AEAB-6562D0F66586}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D30E1B66-5793-4BCE-9674-6D95DD26875C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD4D1ABC-C2DB-4B9E-A2A4-C69DB847C9B7}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{EBD9B9A8-043B-49B2-BD59-23D48F372714}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{F81CCF73-B251-4EFD-8F9D-06499A3E94AA}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe |
"{FBB6952B-A3F8-4F6F-9AA3-2DE0815AF73D}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe |
"TCP Query User{0C681BFB-5BCB-43FC-BB80-7640C575E2EC}C:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"TCP Query User{1102CEB2-1136-46F9-8DB1-81A311DEE7F8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{147B9FE5-06B0-49CD-8FE8-787DABBD69C0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{1D23D45B-08E2-4D20-A89A-EA54F6130F54}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{2E0CA8F8-E509-4C1E-BEF4-9089FF5C0D8A}D:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe |
"TCP Query User{4F2C8516-669A-4AF2-B0DE-9FE8AFF40B61}D:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe |
"TCP Query User{67AEE045-D564-4E54-BD10-C0FE4845DD10}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{AAF0A85B-6B1C-4981-9EFA-D5E4D32ECF64}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{ACAECD4E-123A-4FAE-9309-CB74AC1F1FB7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{D61F9CA2-24E6-4BC4-ACE9-9E1078F39F99}D:\neuer ordner\cod4\cod4\iw3mp.exe" = protocol=6 | dir=in | app=d:\neuer ordner\cod4\cod4\iw3mp.exe |
"TCP Query User{D8A0D2B4-A941-4AD2-91CE-9A5E5B1C060F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E296349A-C379-44B6-A31E-BAB6640A262E}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"TCP Query User{ECF60BC5-9EC9-494D-B1EC-0490F8CAF1FE}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"UDP Query User{2689C806-7553-4728-A8A4-6F149C96DCEB}D:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe |
"UDP Query User{3B3F54F4-0863-4D8A-A307-39E3477A54D5}C:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"UDP Query User{3BAAE4DB-74DB-47AD-AB09-5C2EA06BA8F2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4A81A867-E6BC-42F4-A59E-C97FBCB88FD8}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"UDP Query User{7D0C2B6B-A706-4C51-9970-E6CC81CF1F89}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{8222BDE7-C16B-43AC-994C-57FA1CF6BAD9}D:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe |
"UDP Query User{8AB6D321-361E-4A08-BADD-36BF0D676D54}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{A39FF9F3-919D-434A-B12E-67D155315506}D:\neuer ordner\cod4\cod4\iw3mp.exe" = protocol=17 | dir=in | app=d:\neuer ordner\cod4\cod4\iw3mp.exe |
"UDP Query User{BA985D21-8843-4846-92B1-04F4EDF46BB4}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{BF6CF929-AE18-4695-9763-D79507A07039}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{CC46F96F-4DC4-4AF3-8188-C014F830D27B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F369DD4E-EB21-452A-9626-5BBCF234594F}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{FD224C18-2BD6-432C-A647-8E116B863710}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{D09E159D-0264-4597-B200-A9B4C0866F25}" = Samsung RAW Converter 4
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem (02/24/2009 4.0)
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{D09E159D-0264-4597-B200-A9B4C0866F25}" = Samsung RAW Converter 4
"Intelli-studio" = SAMSUNG Intelli-studio
"LG Internet Kit" = LG Internet Kit
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mp3tag" = Mp3tag v2.43
"Nokia PC Suite" = Nokia PC Suite
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"TomTom HOME" = TomTom HOME 2.8.1.2218
"Valentin Meteo Data 1.0.24_is1" = Valentin Meteo Data 1.0.24
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.05.2011 09:37:28 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.05.2011 09:38:37 | Computer Name = Holzwurm | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2011 09:46:18 | Computer Name = Holzwurm | Source = EventSystem | ID = 4621
Description =
Error - 03.05.2011 06:35:01 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.05.2011 06:35:01 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.05.2011 06:35:45 | Computer Name = Holzwurm | Source = WinMgmt | ID = 10
Description =
Error - 03.05.2011 06:39:51 | Computer Name = Holzwurm | Source = VSS | ID = 8193
Description =
Error - 03.05.2011 06:44:43 | Computer Name = Holzwurm | Source = VSS | ID = 8193
Description =
Error - 03.05.2011 06:45:29 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.05.2011 06:46:45 | Computer Name = Holzwurm | Source = EventSystem | ID = 4621
Description =
[ Media Center Events ]
Error - 30.01.2011 16:01:59 | Computer Name = Holzwurm | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
[ System Events ]
Error - 09.06.2011 14:07:47 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 09.06.2011 14:08:34 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 10:01:20 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 10:02:32 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 10:33:51 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 10:34:41 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 10:52:26 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 10:54:22 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 11:02:15 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 11:03:08 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Malwarebytes habe ich durchlaufen lassen aber vergesser vor dem Neustart den Bericht zu sichern. Sorry. Im Benutzerkonto 2 kommen die Fehlermeldungen nicht. Ich kann aber auf keine Dateien meines Kontos zugreifen. Alles leer bzw. wird nicht angezeigt. Danke Wer suchet der findet Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6826
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
10.06.2011 16:50:31
mbam-log-2011-06-10 (16-50-31).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168851
Laufzeit: 4 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hupbXGtblaxktVF (Trojan.FakeAlert) -> Value: hupbXGtblaxktVF -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Wer suchet der findet
Infizierte Dateien:
c:\programdata\hupbxgtblaxktvf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\39968504.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\9186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\91B6.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\9840.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\tmp9138.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Für Hilfe bin ich sehr dankbar. Gruß Christian |
| Themen zu Problem mit IDE/SATA-Fetsplatten |
| antivir, avira, bho, converter, desktop, dsl, error, excel, firefox, flash player, gfnexsrv.exe, google earth, home, igdctrl.exe, install.exe, installation, intranet, jdownloader, keine dateien, logfile, microsoft office word, mozilla, mp3, oldtimer, picasa, plug-in, problem, realtek, registry, rundll, scan, sched.exe, searchplugins, security, senden, shell32.dll, shortcut, software, sptd.sys, start menu, svchost.exe, usb 2.0, vista, visual studio |
Baum-Darstellung