Log analysis and evaluation: fxkldqkow.sys in autostart + svchost.exe and ntdll.dll TROJAN/Rootkit/Malware?

15.02.2013, 21:00   #1
dr_ckshacker

fxkldqkow.sys in autostart + svchost.exe and ntdll.dll TROJAN/Rootkit/Malware?



My problem is the following:

I had a remote access trojan on the machine and proceeded as follows:

1. Ran ComboFix - it deleted a server.exe in the temporary files.
2. Ran Malwarebytes - found nothing
3. Ran ESET NOD32 and Avast - found nothing
4. Checked with GMER after a reboot - on the first scan it found the process svchost.exe twice as Rootkit/Malware. So I looked for the process, and in its threads there were two question marks one below the other. ntdll.dll is shown quite often?
5. On the second scan it no longer found svchost.exe. After a reboot, though, they are back again.
6. Created a log with GMER
7. Scanned with MBAR but found nothing
8. When I run the program Autoruns, it always finds fxkldqkow.sys among the drivers; this file was also stored in the temporary files but was deleted. If I remove it from the autostart entries and reboot, it is enabled again.
9. Created a HijackThis log
10. Please help me, since you know your way around this

I have attached the logfiles as a ZIP archive

Screenshots of GMER and Autoruns:



Last edited by dr_ckshacker (15.02.2013 at 21:06)

16.02.2013, 00:33   #2
markusg
/// Malware-holic



hi
not all logs are here; what about ComboFix, for example? The logfile with the findings is missing.

If you don't have it yet, please download OTL from OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread
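As an added example that is not part of this thread, of OTL, or of Trojaner-Board: once the requested OTL.txt is posted, its `SRV`/`DRV` lines (the Services and Driver Services sections) can be triaged mechanically before a helper reads them by hand. The script below parses those lines (the line grammar is inferred from the log lines posted later in this thread, an assumption, not OTL's documented format) and flags the entries a helper would look at first: file not found on disk, empty company name, a missing start type, a binary sitting in a Temp directory, or a random-looking file name like fxkldqkow.sys. The sample log is constructed for the example; the fxkldqkow.sys line with its Temp path and placeholder user name is invented to mirror what the poster describes and is not from any real log.

```python
# Added example for this thread (not OTL's code, not from Trojaner-Board).
# Parses the SRV/DRV lines of an OTL log and flags entries worth a second look.
# The regex is inferred from the log lines posted in this thread (assumption:
# it covers the shapes seen there, not every variant OTL can produce).
import re
from dataclasses import dataclass, field
from typing import List, Optional

SRV_DRV_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?P<x64>:64bit:)? - "
    r"(?:\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)


@dataclass
class Entry:
    kind: str               # SRV (service) or DRV (driver)
    x64: bool               # True for ":64bit:" entries
    date: Optional[str]     # file timestamp as printed by OTL
    size: Optional[int]     # file size in bytes
    company: Optional[str]  # "" = no company name, None = file not found
    flags: List[str]        # e.g. ["Kernel", "On_Demand", "Stopped"]
    path: str
    name: str               # service/driver name from the trailing parentheses
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an SRV/DRV line, or None for any other line."""
    m = SRV_DRV_RE.match(line.strip())
    if not m:
        return None
    size = int(m.group("size").replace(",", "")) if m.group("size") else None
    return Entry(kind=m.group("kind"), x64=bool(m.group("x64")), date=m.group("date"),
                 size=size, company=None if m.group("missing") else m.group("company"),
                 flags=[f.strip() for f in m.group("flags").split("|")],
                 path=m.group("path"), name=m.group("name"))


def looks_random(filename: str) -> bool:
    """Heuristic: 8+ letters with fewer than 20% vowels (fxkldqkow.sys -> True)."""
    stem = filename.rsplit(".", 1)[0].lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    return sum(c in "aeiouy" for c in stem) / len(stem) < 0.2


def triage(entry: Entry) -> Entry:
    """Attach human-readable reasons why a helper should look at this entry."""
    if entry.company is None:
        entry.reasons.append("file not found on disk (orphaned service entry)")
    elif entry.company == "":
        entry.reasons.append("no company name in version info")
    if any('"Start" not found' in f for f in entry.flags):
        entry.reasons.append("start type missing from registry")
    if "\\temp\\" in entry.path.lower():
        entry.reasons.append("binary lives in a Temp directory")
    if looks_random(entry.path.rsplit("\\", 1)[-1]):
        entry.reasons.append("random-looking file name")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every SRV/DRV line in an OTL log and triage each one."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


# Constructed sample: four lines copied in shape from the OTL log in this thread
# plus one invented line for fxkldqkow.sys in a Temp path (placeholder user name).
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2013/02/13 16:05:03 | 000,045,368 | ---- | M] (Zemana Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2010/07/01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2013/02/15 19:01:00 | 000,031,744 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Users\USER\AppData\Local\Temp\fxkldqkow.sys -- (fxkldqkow)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(("CHECK" if e.reasons else "ok   "), e.kind, e.name, e.path)
        for r in e.reasons:
            print("      -", r)
```

Each flag is a lead, not a verdict: legitimate third-party drivers with terse names or no company string (several appear in the OTL log in this thread) will trip the name and company heuristics, so anything flagged still needs its file hash and signature checked, which is why the requested OTL script asks for MD5 hashes of the listed system files in its `/md5start` ... `/md5stop` section.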

16.02.2013, 02:09   #3
dr_ckshacker



OTL logfile:
Code:
OTL logfile created on: 2/16/2013 2:25:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.38 Gb Available Physical Memory | 84.55% Memory free
8.00 Gb Paging File | 7.47 Gb Available in Paging File | 93.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 92.78 Gb Free Space | 31.13% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 41.35 Gb Free Space | 4.44% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 26.54 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 85.65 Gb Free Space | 36.78% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/16 01:52:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/04/07 16:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010/09/07 21:34:29 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2013/02/08 02:15:19 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/24 12:52:00 | 002,074,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/02 22:37:28 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/07 21:34:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/18 00:00:56 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/17 16:25:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2010/08/17 16:25:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/19 16:52:44 | 000,166,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2008/03/19 16:52:38 | 000,051,816 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/06/05 13:32:34 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SecurWall\SWService.exe -- (SWService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2013/02/13 16:05:03 | 000,045,368 | ---- | M] (Zemana Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/10/03 17:28:52 | 000,030,720 | ---- | M] (Panda Security, S.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prot6flt.sys -- (Prot6Flt)
DRV:64bit: - [2012/09/21 10:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/23 12:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/14 07:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 00:07:04 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/02/17 00:07:04 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/07/01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2010/04/06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/06/24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007/06/24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2007/06/24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2007/03/05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT)
DRV:64bit: - [2007/03/05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV:64bit: - [2007/03/05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum)
DRV:64bit: - [2007/03/05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007/03/05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2006/11/08 08:59:36 | 000,602,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PA707UCM.SYS -- (PAC7311)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/10 16:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2007/06/24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007/03/05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lobi-n-ger.bei-uns.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 C9 48 82 1B 59 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matthias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/10/03 21:13:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/14 15:36:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/10/03 21:13:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthias\AppData\Roaming\IDM\idmmzcc5 [2012/08/23 21:48:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthias\AppData\Roaming\IDM\idmmzcc5 [2012/08/23 21:48:59 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Matthias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: DoNotTrackMe = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: AdBlock = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: avast! WebRep = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\7.501_0\
CHR - Extension: Forecastfox = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Wajam = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Hover Zoom = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.11_0\
 
O1 HOSTS File: ([2013/02/11 01:20:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CED122-BDD9-49F5-A14F-68721DB39CBF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE472497-C90C-4D55-B013-530656FD91CC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18:64bit: - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/17 23:20:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/16 01:52:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2013/02/14 15:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/02/14 15:40:07 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/14 15:40:06 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/14 15:39:35 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/02/14 15:37:50 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/02/14 15:37:48 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/14 15:37:46 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/14 15:37:43 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/02/14 15:37:38 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/14 15:37:35 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/14 15:36:23 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013/02/14 15:35:09 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/14 15:35:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/14 15:03:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/14 14:55:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/14 13:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2013/02/13 16:05:03 | 000,045,368 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/02/13 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Zemana
[2013/02/13 16:04:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
[2013/02/13 16:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/02/13 16:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger
[2013/02/13 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware
[2013/02/13 15:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Zemana AntiMalware
[2013/02/13 02:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/02/13 02:39:33 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Comodo
[2013/02/13 02:39:26 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/02/13 02:39:26 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/02/13 02:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/02/12 02:25:47 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/02/12 02:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/12 01:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/11 04:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/11 04:06:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Programs
[2013/02/11 03:48:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2013/02/11 03:48:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/11 03:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/11 03:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/11 03:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/11 03:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/02/11 03:08:46 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/11 03:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/11 03:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/11 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/11 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Removal
[2013/02/10 22:09:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Vitalwerks
[2013/02/10 22:09:28 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2013/02/10 22:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/16 02:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 02:14:38 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 02:13:45 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/02/16 02:13:45 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/02/16 02:13:45 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013/02/16 02:02:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 02:02:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 01:59:19 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/16 01:52:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2013/02/16 01:35:29 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001UA.job
[2013/02/16 01:35:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001Core.job
[2013/02/16 01:19:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/16 01:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/15 21:57:30 | 000,032,995 | ---- | M] () -- C:\Users\Matthias\Desktop\Logdateien.zip
[2013/02/15 21:35:08 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/15 18:10:53 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/15 18:10:53 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/15 18:10:53 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/15 02:43:31 | 000,085,504 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/14 15:37:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/14 15:10:57 | 007,706,908 | ---- | M] () -- C:\Users\Matthias\Documents\AutoRuns.arn
[2013/02/13 16:33:44 | 003,065,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 16:05:03 | 000,045,368 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/02/13 05:29:08 | 647,040,826 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/13 02:39:26 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/02/13 02:39:26 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/02/12 03:14:32 | 000,000,017 | ---- | M] () -- C:\Users\Matthias\AppData\Local\resmon.resmoncfg
[2013/02/12 02:13:52 | 003,319,110 | ---- | M] () -- C:\Users\Matthias\Documents\bookmarks_2_12_13.html
[2013/02/11 03:11:07 | 000,002,279 | ---- | M] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/11 01:20:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/26 22:32:50 | 002,370,461 | ---- | M] () -- C:\Users\Matthias\Desktop\Der_Wille_zur_Kraft.pdf
[2013/01/22 01:30:04 | 000,020,874 | ---- | M] () -- C:\Users\Matthias\Desktop\Kai Greene.xspf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/15 21:57:30 | 000,032,995 | ---- | C] () -- C:\Users\Matthias\Desktop\Logdateien.zip
[2013/02/14 15:40:09 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/12 03:14:32 | 000,000,017 | ---- | C] () -- C:\Users\Matthias\AppData\Local\resmon.resmoncfg
[2013/02/12 02:13:51 | 003,319,110 | ---- | C] () -- C:\Users\Matthias\Documents\bookmarks_2_12_13.html
[2013/02/11 14:00:03 | 007,706,908 | ---- | C] () -- C:\Users\Matthias\Documents\AutoRuns.arn
[2013/02/11 04:17:45 | 647,040,826 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/11 03:10:36 | 000,002,279 | ---- | C] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/11 03:09:02 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 03:09:00 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 03:08:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/26 23:24:38 | 002,370,461 | ---- | C] () -- C:\Users\Matthias\Desktop\Der_Wille_zur_Kraft.pdf
[2013/01/26 22:46:54 | 004,119,594 | ---- | C] () -- C:\Users\Matthias\Desktop\Chris_Aceto_-_Championship_Bodybuilding.pdf
[2013/01/22 01:30:04 | 000,020,874 | ---- | C] () -- C:\Users\Matthias\Desktop\Kai Greene.xspf
[2013/01/20 02:17:12 | 000,050,844 | ---- | C] () -- C:\Users\Matthias\Documents\dolan pls6 dost thou even hoist.jpg
[2013/01/20 02:17:12 | 000,040,533 | ---- | C] () -- C:\Users\Matthias\Documents\Okay dolan.png
[2013/01/20 02:17:12 | 000,035,609 | ---- | C] () -- C:\Users\Matthias\Documents\why so serious dolan.jpg
[2013/01/20 02:17:12 | 000,024,920 | ---- | C] () -- C:\Users\Matthias\Documents\dolan pls come at me bro.jpg
[2013/01/20 02:17:12 | 000,014,476 | ---- | C] () -- C:\Users\Matthias\Documents\scumbag dolan.png
[2011/05/09 20:34:54 | 000,000,218 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel
[2011/04/13 20:26:31 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/02/25 22:25:36 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/02/25 22:25:34 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/25 22:25:34 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/17 01:34:29 | 000,011,125 | ---- | C] () -- C:\Users\Matthias\gsview64.ini
[2011/02/17 01:26:46 | 000,001,515 | ---- | C] () -- C:\Users\Matthias\gsview32.ini
[2010/11/12 00:32:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/18 18:43:04 | 000,085,504 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/22 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\.visualvm
[2010/08/20 23:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ableton
[2012/12/28 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011/10/04 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2013/01/09 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avnex
[2010/09/11 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Bump Technologies, Inc
[2010/10/14 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Deckadance
[2013/02/16 02:13:29 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DMCache
[2010/10/14 19:23:06 | 000,000,000 | -H-D | M] -- C:\Users\Matthias\AppData\Roaming\FDBTemp
[2010/08/17 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FlashFXP
[2013/02/14 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2013/02/10 01:20:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IDM
[2012/12/26 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\iPumper
[2010/09/28 14:17:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010/10/14 18:08:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\phonostar GmbH
[2011/01/04 23:35:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\RouterControl
[2012/12/28 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Samsung
[2010/08/17 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Shark007
[2010/11/12 02:48:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TrojanHunter
[2012/10/02 22:44:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay
[2013/01/06 00:06:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay_hook_win64
 
========== Purity Check ==========
 
 

< End of report >


OTL EXTRAS Logfile:
OTL Extras logfile created on: 2/16/2013 2:25:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.38 Gb Available Physical Memory | 84.55% Memory free
8.00 Gb Paging File | 7.47 Gb Available in Paging File | 93.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 92.78 Gb Free Space | 31.13% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 41.35 Gb Free Space | 4.44% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 26.54 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 85.65 Gb Free Space | 36.78% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C01ED9D-A8F8-4A7F-B240-927C76423FC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{308B1E42-0A9C-4603-9AEE-BB241B9332E0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3214967B-8806-4BF9-A88E-173C2CFDF8BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3A5F6588-08B5-4991-A205-B0F61584A1B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{444B7ADA-FF8A-4AFC-842C-401FD622CC98}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{44929747-5538-4888-80A8-DF1BF0159F00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4BE64E88-10D7-421B-82B0-EB85125FA824}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4C40BEA4-56EF-4AF7-85B4-A4D85E6B3E78}" = rport=139 | protocol=6 | dir=out | app=system | 
"{614B3614-EAA2-4F27-9677-F30B90C1387F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{62CF851F-F915-430D-AA2C-4539481D5E99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{76DA96BB-2751-416C-B8C9-EB0F42C6AC03}" = rport=138 | protocol=17 | dir=out | app=system | 
"{79CCDD93-3FE1-471D-8F40-70A7BCA907D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79F1CBD4-1179-4AA6-95FF-AD128534C594}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B438F17-C432-4B87-AADB-FDAB28F48507}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8007C5C1-D167-4DCD-B008-83F0CF73D61E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83649496-3C0C-4FAA-82C0-28911153DB35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83C94C05-42B8-417A-BD54-7231939AAD4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{8D557B80-99AD-4CF7-A9F3-DA065DA8D8B1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{925A3220-CB78-40D6-A882-19EF3DB7DFF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{955E1871-7A3E-47E1-8A51-6DBC6430B055}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B86CDE5A-CC7A-43B8-B3F8-BD2008206BBD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CA72AD2E-BD62-4AB0-8F2E-4D96F3FDB37C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D2DEDFE1-337A-4191-A21D-0FABB9A90003}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D58D25C4-77E9-4327-8986-E2E768D4F9A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D5CF0BF5-06EF-494F-9732-8E99DA5F4F39}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DFBFE8F2-33DF-41C0-8482-E52076189011}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FF114374-EE27-4450-8E72-CAB0E7B79C3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00489E2B-E747-4949-ADAC-C32041FFAE89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{00E495B2-E345-4A41-BE29-9288C300E3CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{02F2C00C-01FD-42B4-9B42-01EF3B2F7602}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{0539F33F-7C16-4D59-B813-E3964D44BF33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0933007F-6E19-4FA4-B54E-326136F543E3}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"{0C999DF0-AD07-4026-BFD2-CAF1F44D00CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0DFE99DA-C425-4111-9A93-6EA53736F5C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1C2DAB61-2DA9-4F2F-8B48-013FA5BB046C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{21F2790D-799B-4602-ABAA-A623E4205BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{2883C7DF-B342-4A1B-AFEA-671974DEFD9F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2F104665-2E4B-4086-895A-511F4CC8CEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{31D1E290-4EB2-4EE0-927A-2725222861C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{33DF270C-7BF5-416D-9154-41AD6B553538}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{346FFD43-91CB-4357-90E7-88F13501101E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{376B44FB-8CF1-4A61-9E6A-3DB9AD1ED828}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{3EDE8534-B31F-4E62-8339-E59A03207AC2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | 
"{3F39ED13-9251-48A9-A221-2782C8E48ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4667A036-245E-42E1-B18A-0E5198DC9C58}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{495896D0-B71A-4CEF-A361-F30403402F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4C727BEC-42BA-497C-9280-0B06D6F5DDC1}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"{502C1DE8-4716-4F49-8D72-DD668180FD09}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{53A99386-FE2C-4BA9-9BD8-4D59486A46F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{591D31F6-280A-4E83-8D66-9F51029B3693}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{5BE35FE3-9D3D-4954-822D-12E45D1981A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{5C23F47C-0AE6-4046-8282-7C188568A126}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{61679743-203D-44A5-83DB-5858484F34B1}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{6196174B-523B-4117-AEF3-D47BDF4341A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6BC9D432-87C7-4C0E-95AA-05D49DCCF119}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{6C0A4FA3-37D4-4416-9E14-29A01D93B14C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{74BE9CC4-9B59-4184-A6FC-0CA576C739AD}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{7531484B-D116-40C2-B656-E283983E4438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7D14D186-907E-4FF6-942B-63DF132DDC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{81A95FCA-160E-4076-A739-607449465BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{84A9BDC5-C4E8-41B7-A305-7B9F5EFEF409}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | 
"{8574BA6B-FB5C-497A-A7F1-F22C7F204417}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{874C16C3-4D28-4186-A91A-E012832EAC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{8C63E70A-7CE0-4638-AD88-6FAB48E15F32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{8EDC0D92-9EEC-41FC-8EFC-4634B62D4FF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9819A37A-42EB-49F1-ACA9-16066EC35FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9867861D-61B0-45FA-A6B0-6ED729EAEE87}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{99E9A571-CF7F-4335-B69B-3EB1843434EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | 
"{9B521F36-B04D-4718-A349-0C874C852139}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B9A1E5A-3422-4E22-BC2E-BD09A43829E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9F5F22BB-7A16-472F-B96D-A1EE9CFE6EA5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A10AA53B-0A50-4D57-995F-E6E63907EC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{A8CEF28E-E982-47DD-BBE0-52030E1CB16C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{AAB099D4-72A6-4EF2-BA98-9BA1D67B90F3}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{B19DE333-CD49-4985-BBD7-DA129C27DB59}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"{B5B41F9B-59BA-47D7-960E-2BFD97E726CB}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{BC0B6B78-E913-4DA0-BBD6-B1E0E1804E3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BE2BB99B-4940-43E5-8F32-948F13E3469F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{BF1BEC85-55DF-4BB5-8C79-B629484E62B8}" = dir=in | app=c:\users\matthias\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{C7EE13D4-BF09-4060-9DED-CFA7D538ACA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D735B421-1A04-462B-9157-54E42B507C22}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{DAD3B541-3844-4115-AA59-23ABA3BC22C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC1E0A32-527E-4CE1-8168-1DD82D12935A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{E11A6793-9D6E-4629-8F3D-FDBDEF01C167}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E89130D6-99E3-4D78-9D64-0DC2F161C624}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{EAB52413-1F4C-40BB-8EED-A72C971ADA3F}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{EB49F344-7F3E-4E11-AD12-844160C23BBA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F85A7F83-A8E5-49AC-907C-7F2A31523F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"{F9DD2B10-0B2A-4F9C-B119-6F72A0391678}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{0AD30EB8-3D1F-41F3-A462-3400580561EB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{14A179D3-2255-40B4-A3BC-5B0C4B17E583}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"TCP Query User{16A052A4-78CD-4F86-8BA3-592D101F9AC6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{4856034E-5293-4A2C-859E-9A05ECFAF688}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"TCP Query User{61D09912-6118-438A-9EA8-B73027A297BF}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"TCP Query User{B97E66D0-836F-410B-A324-7502A88AD500}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"TCP Query User{BFF0AEDB-00DA-424F-95DF-353A95FD5127}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"TCP Query User{C435D892-27E9-49CE-ADE1-63FE45C7E02D}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{C62408C4-B732-42B0-A051-A7F5139AD9CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0CA28F9C-7953-4B48-B338-9A09EE1C26B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"UDP Query User{0D7BE103-49EC-48D2-9226-8B58F37C7639}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
"UDP Query User{11CBF97D-C502-424D-A0A7-C848B74C1C14}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | 
"UDP Query User{2B11E244-77F0-4BE5-871F-9643351F43D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{42A71C00-08FE-43CA-89F1-199B1A504DA4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4B523CCD-F2EA-4246-8011-ACB130CE7CFD}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{86D0EF58-F211-4CA7-9C6E-452F7EEA069F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |  
"UDP Query User{8E949DBC-20B4-446B-93B4-11A0063D6E5F}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | 
"UDP Query User{F9EC08AD-291B-4997-B828-F7EF27BBC0E0}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9641237-252F-467E-88FB-5CAB9E42583E}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR archiver
"x64 Components_is1" = x64 Components v2.6.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera 
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB5A44CB-3045-43E2-BEB0-B64E477D4633}" = EZXFunkmasters
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED8D44F-CEBB-4298-8D0E-E01AF6AC0663}" = EZXJazz
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"0630-0716-3135-7887" = JDownloader 2
"3DMIDI" = Creative 3DMIDI Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AntiLogger" = AntiLogger
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Internet Security
"Comodo Dragon" = Comodo Dragon
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Deckadance" = Deckadance
"DivX Setup.divx.com" = DivX-Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IL Download Manager" = IL Download Manager
"InstallShield_{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera 
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Live 8.1.1" = Live 8.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 730" = Counter-Strike: Global Offensive
"UltraISO_is1" = UltraISO Premium V9.35
"VLC media player" = VLC media player 1.1.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
Error - 2/15/2013 9:07:10 PM | Computer Name = Matthias-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 2/15/2013 9:07:46 PM | Computer Name = Matthias-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 2/15/2013 9:09:40 PM | Computer Name = Matthias-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 13dc    Start Time:
 01ce0be213ef3fd2    Termination Time: 0    Application Path: C:\Users\Matthias\Desktop\OTL.exe

Report
 Id: 880c47de-77d5-11e2-8c49-b7652d46020b  
 
Error - 2/15/2013 9:13:05 PM | Computer Name = Matthias-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 11a8    Start Time:
 01ce0be24c77529b    Termination Time: 0    Application Path: C:\Users\Matthias\Desktop\OTL.exe

Report
 Id: 022a1446-77d6-11e2-8c49-b7652d46020b  
 
[ System Events ]
Error - 2/15/2013 9:15:13 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/15/2013 9:15:15 PM | Computer Name = Matthias-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2/15/2013 9:15:16 PM | Computer Name = Matthias-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2/15/2013 9:15:16 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/15/2013 9:15:21 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
 
< End of report >
         
--- --- ---

Unfortunately the Combofix log was deleted when I uninstalled the program.
Thanks for your quick reply
__________________

Last edited by dr_ckshacker (16.02.2013 at 02:26)
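Added example, written for this page rather than taken from the thread or from Sysinternals: an offline triage of an Autoruns CSV export that scores each kernel-driver entry the way a responder would eyeball it for the case this thread is about, a .sys with a random-looking name that sits in a Temp folder, carries no signature and comes back after being disabled. The column names are the ones `autorunsc.exe -c` produces on the copies I have used; treat them as an assumption and line them up with the header row of your own export, which is all the parser keys on. The three rows are constructed: the first models the driver described in this thread (its exact path is assumed), the other two are stand-ins for legitimate signed drivers, one of them deliberately placed under a user profile to show that a profile path alone is not damning when the signature verifies.

```python
"""Score kernel-driver autostart entries from an Autoruns CSV export.
Added example, not a Trojaner-Board or Sysinternals tool.  Column names are an
assumption about autorunsc.exe -c output; the parser keys on the header row."""
import csv
import io
import re

# Constructed sample rows.  Row 1 models the driver discussed in this thread
# (random name, image in the user's Temp folder, no signer); rows 2 and 3 are
# stand-ins for legitimate signed drivers, the second one living under AppData.
SAMPLE_CSV = r"""Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
HKLM\System\CurrentControlSet\Services,fxkldqkow,enabled,Drivers,System-wide,,,,c:\users\matthias\appdata\local\temp\fxkldqkow.sys,,\??\C:\Users\Matthias\AppData\Local\Temp\fxkldqkow.sys
HKLM\System\CurrentControlSet\Services,PnkBstrK,enabled,Drivers,System-wide,PunkBuster kernel driver,"(Verified) Even Balance, Inc.","Even Balance, Inc.",c:\users\matthias\appdata\local\punkbuster\cod4\pb\pnkbstrk.sys,,\??\C:\Users\Matthias\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
HKLM\System\CurrentControlSet\Services,aswSnx,enabled,Drivers,System-wide,avast! Virtualization Driver,(Verified) AVAST Software,AVAST Software,c:\windows\system32\drivers\aswsnx.sys,7.0.1474.0,system32\drivers\aswSnx.sys
"""

TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
PROFILE_RE = re.compile(r"\\(users|documents and settings)\\[^\\]+\\|\\appdata\\", re.I)
VOWELS = set("aeiouy")


def looks_random(name):
    """Weak signal: a letters-only stem of 6+ characters with under 20% vowels.
    Dropper-generated names fail this; so do some real drivers, hence low weight."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    return sum(c in VOWELS for c in stem.lower()) / len(stem) < 0.2


def score_entry(row):
    """Return (score, reasons) for one Autoruns row; higher means look closer."""
    reasons = []
    path = row.get("Image Path") or row.get("Launch String") or ""
    signer = row.get("Signer") or ""
    if not signer.startswith("(Verified)"):
        reasons.append(("image is unsigned or its signature does not verify", 3))
    if TEMP_RE.search(path):
        reasons.append(("image lives in a Temp directory", 2))
    if PROFILE_RE.search(path):
        reasons.append(("image lives under a user profile", 1))
    if looks_random(row.get("Entry") or ""):
        reasons.append(("entry name looks machine-generated", 1))
    return sum(weight for _, weight in reasons), [text for text, _ in reasons]


def triage_drivers(csv_text, threshold=3):
    """Return [(entry, score, reasons)] for driver rows at or above threshold,
    highest score first.  Only the 'Drivers' category is considered."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("Category") != "Drivers":
            continue
        score, reasons = score_entry(row)
        if score >= threshold:
            flagged.append((row["Entry"], score, reasons))
    return sorted(flagged, key=lambda item: -item[1])


if __name__ == "__main__":
    for entry, score, reasons in triage_drivers(SAMPLE_CSV):
        print(f"{entry}: score {score}")
        for reason in reasons:
            print(f"  - {reason}")
```

On the sample the Temp-folder driver scores 7 and is the only entry reported at the default threshold; the signed PunkBuster driver under AppData scores 2 and stays below it. The unsigned/unverified check carries the most weight on purpose: a driver that loads at boot with a verified Authenticode signature from a known vendor is a very different object from one that nothing vouches for, wherever it lives.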

18.02.2013, 17:00   #4
markusg
/// Malware-holic
 
fxkldqkow.sys im Autostart + svchost.exe und ntdll.dll    TROJANER/Rootkit/Malware ? - Standard

fxkldqkow.sys im Autostart + svchost.exe und ntdll.dll TROJANER/Rootkit/Malware ?



Hi,

[OTLFIX]
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you want to support us

19.02.2013, 16:40   #5
dr_ckshacker



Hi

Run OTL again and press FIX, or what?


19.02.2013, 18:09   #6
markusg
/// Malware-holic



hi, sorry
Please download TDSSKiller TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Click Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

19.02.2013, 19:02   #7
dr_ckshacker



ok, will do

19.02.2013, 20:25   #8
markusg
/// Malware-holic



hi,
download CCleaner standard:
http://filepony.de/download-ccleaner/
if CCleaner is already installed, skip this.
open it, Tools (Extras), Uninstall list, save as txt. open it.
behind every program you need, write "needed".
behind every one you don't need, "not needed".
behind those unknown to you, "unknown".
post the list.

19.02.2013, 21:31   #9
dr_ckshacker



Addictive Drums 15.02.2013 needed
Adobe Anchor Service x64 CS4 16.08.2010 not needed
Adobe CMaps x64 CS4 16.08.2010 not needed
Adobe CSI CS4 x64 16.08.2010 not needed
Adobe Drive CS4 x64 16.08.2010 needed
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.02.2013 6,00 MB 11.5.502.149 needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.02.2013 6,00 MB 11.5.502.149 not needed
Adobe Fonts All x64 16.08.2010 not needed
Adobe Linguistics CS4 x64 16.08.2010 not needed
Adobe PDF Library Files x64 CS4 16.08.2010 not needed
Adobe Photoshop CS4 Adobe Systems Incorporated 15.02.2013 1.926 MB 11.0 needed
Adobe Photoshop CS4 (64 Bit) 16.08.2010 needed
Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 19.10.2012 119,2 MB 9.5.2 needed
Adobe Type Support x64 CS4 16.08.2010 not needed
Adobe WinSoft Linguistics Plugin x64 16.08.2010 not needed
Advanced Archive Password Recovery ElcomSoft Co. Ltd. 23.11.2012 4.53 needed
AntiLogger Zemana Ltd. 15.02.2013 needed
Any Video Converter 3.2.7 Any-Video-Converter.com 03.10.2011 91,5 MB needed
Apple Application Support Apple Inc. 05.03.2011 51,0 MB 1.5.0 not needed
Apple Software Update Apple Inc. 26.11.2011 2,38 MB 2.1.3.127 not needed
Ashampoo Burning Studio 9.20 ashampoo GmbH & Co. KG 19.08.2010 9.2.0 needed
ASIO4ALL 15.02.2013 needed
ASUSUpdate 15.02.2013 needed
avast! Internet Security AVAST Software 15.02.2013 7.0.1474.0 needed
Battlefield: Bad Company 2 DICE 15.02.2013 needed
Bluesoleil2.7.0.35 VoIP Release 080317 IVT Corporation 26.12.2010 13,4 MB 2.7.0.35 VoIP Release 080317 not needed
CBR Reader cbrreader.com 14.01.2012 2,67 MB needed
CCleaner Piriform 25.11.2010 3.01 needed
Comodo Dragon COMODO 15.02.2013 70,7 MB 24.2.0.0 not needed
Counter-Strike: Global Offensive 15.02.2013 needed
Counter-Strike: Source Valve 15.02.2013 needed
Creative 3DMIDI Player Creative Technology Limited 15.02.2013 1.11 needed
Creative Audio-Systemsteuerung Creative Technology Limited 15.02.2013 3.00 needed
Creative Konsole Starter Creative Technology Limited 15.02.2013 needed
Creative Software AutoUpdate Creative Technology Limited 15.02.2013 1.40 needed
Creative Sound Blaster Properties x64 Edition Creative Technology Limited 15.02.2013 1.02 needed
Deckadance Image-Line bvba 15.02.2013 not needed
DivX-Setup DivX, Inc. 15.02.2013 2.1.2.2 not needed
Dolby Digital Live Pack Creative Technology Limited 15.02.2013 3.00 needed
DTS Connect Pack Creative Technology Limited 15.02.2013 1.00 needed
ESET NOD32 Antivirus ESET, spol. s r.o. 02.10.2012 71,1 MB 5.2.9.12 needed
EVEREST Ultimate Edition v5.50 Lavalys, Inc. 24.02.2011 5.50 needed
EZdrummer Toontrack 24.11.2010 704 MB 1.1.6 needed
EZXClaustrophobic Toontrack 24.11.2010 1.146 MB 1.0 needed
EZXCocktail Toontrack 24.11.2010 175,0 MB 1.0 needed
EZXDfh Toontrack 24.11.2010 620 MB 1.0 needed
EZXFunkmasters Toontrack 24.11.2010 643 MB 1.0.0 needed
EZXJazz Toontrack 24.11.2010 621 MB 1.0.0 needed
EZXNashville Toontrack 24.11.2010 980 MB 1.0 needed
EZXPercussion Toontrack 24.11.2010 736 MB 1.0 needed
EZXTwisted Toontrack 24.11.2010 845 MB 1.0 needed
EZXVintage Toontrack 24.11.2010 720 MB 1.0 needed
Facebook Video Calling 1.2.0.287 Skype Limited 23.10.2012 4,77 MB 1.2.287 not needed
FL Studio 9 Image-Line 15.02.2013 needed
Free M4a to MP3 Converter 6.2 ManiacTools.com 24.09.2010 3,92 MB needed
Google Chrome Google Inc. 10.02.2013 24.0.1312.57 needed
Guitar Pro 5.2 Arobas Music 15.02.2013 needed
HiJackThis Trend Micro 11.02.2013 0,36 MB 1.0.0 needed
IL Download Manager Image-Line 15.02.2013 needed
Image Line ToxicIII v1.41 VSTi 15.02.2013 needed
Image-Line PoiZone v2.1 15.02.2013 needed
Internet Download Manager 15.02.2013 needed
IrfanView (remove only) Irfan Skiljan 15.02.2013 1,50 MB 4.27 needed
iTunes Apple Inc. 05.03.2011 144,6 MB 10.2.0.34 needed
Java 7 Update 13 Oracle 12.02.2013 129,0 MB 7.0.130 needed
Java 7 Update 7 (64-bit) Oracle 21.12.2012 127,3 MB 7.0.70 not needed
Java SE Development Kit 7 Update 7 (64-bit) Oracle 21.12.2012 188,8 MB 1.7.0.70 not needed
Java(TM) 6 Update 21 (64-bit) Oracle 16.08.2010 90,5 MB 6.0.210 not needed
Java(TM) 6 Update 37 Oracle 10.10.2012 95,7 MB 6.0.370 not needed
JDownloader AppWork UG (haftungsbeschränkt) 15.02.2013 needed
JDownloader 2 AppWork GmbH 15.02.2013 2 needed
K-Lite Mega Codec Pack 5.4.4 21.12.2012 5.4.4 not needed
Live 8.1.1 15.02.2013 needed
Logitech Gaming Software 7.00 Logitech Inc. 16.02.2011 28,5 MB 7.00.291 needed
Macromedia Flash Player 8 Macromedia 13.10.2010 1,48 MB 8.0.22.0 needed
Malwarebytes Anti-Malware version 1.70.0.1100 Malwarebytes Corporation 10.02.2013 18,5 MB 1.70.0.1100 needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.11.2010 38,8 MB 4.0.30319 needed
Microsoft Flight 15.02.2013 not needed
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 16.02.2013 31,3 MB 3.5.92.0 not needed
Microsoft Games for Windows Marketplace Microsoft Corporation 16.02.2013 6,04 MB 3.5.50.0 not needed
Microsoft Office Enterprise 2007 Microsoft Corporation 15.02.2013 12.0.6612.1000 needed
Microsoft Office File Validation Add-In Microsoft Corporation 20.09.2011 7,95 MB 14.0.5130.5003 needed
Microsoft Silverlight Microsoft Corporation 08.05.2012 180,0 MB 4.1.10329.0 not needed
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.10.2010 1,70 MB 3.1.0000 not needed
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 08.12.2010 0,25 MB 8.0.50727.4053 not needed
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29 MB 8.0.61001 not needed
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 20.08.2010 0,20 MB 9.0.30729.4148 not needed
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 02.05.2011 0,58 MB 9.0.30729.5570 not needed
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 01.10.2012 0,77 MB 9.0.30729 not needed
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 27.12.2012 0,77 MB 9.0.30729.6161 not needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.08.2010 0,58 MB 9.0.30729 not needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.02.2013 0,22 MB 9.0.30729.4148 not needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,59 MB 9.0.30729.6161 not needed
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 16.02.2013 11,0 MB 10.0.30319 not needed
Morphine Image-Line bvba 15.02.2013 needed
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2010 1,28 MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.11.2010 1,33 MB 4.20.9876.0 unknown
Native Instruments Battery 3 15.02.2013 needed
Native Instruments Battery 3 Native Instruments 16.12.2011 needed
Native Instruments Controller Editor 15.02.2013 needed
Native Instruments Controller Editor Native Instruments 17.12.2011 needed
Native Instruments FM8 15.02.2013 needed
Native Instruments FM8 Native Instruments 15.12.2011 needed
Native Instruments Guitar Rig 5 15.02.2013 needed
Native Instruments Guitar Rig 5 Native Instruments 17.12.2011 needed
Native Instruments GuitarRig Mobile IO Driver 15.02.2013 needed
Native Instruments GuitarRig Mobile IO Driver Native Instruments 14.10.2010 needed
Native Instruments Kontakt 5 15.02.2013 needed
Native Instruments Kontakt 5 Native Instruments 08.12.2012 needed
Native Instruments Massive 15.02.2013 needed
Native Instruments Massive Native Instruments 08.12.2012 needed
Native Instruments Rig Kontrol 3 Driver 15.02.2013 needed
Native Instruments Rig Kontrol 3 Driver Native Instruments 14.10.2010 needed
Native Instruments Service Center 15.02.2013 needed
Native Instruments Service Center Native Instruments 08.12.2012 needed
Native Instruments Session IO Driver 15.02.2013 needed
Native Instruments Session IO Driver Native Instruments 14.10.2010 needed
Native Instruments Vokator 15.02.2013 needed
No-IP DUC Vitalwerks Internet Solutions LLC 15.02.2013 0,18 MB 4.0.1 needed
Nokia Connectivity Cable Driver Nokia 25.12.2010 3,51 MB 7.0.2.0 not needed
NVIDIA 3D Vision Controller Driver 314.07 NVIDIA Corporation 18.02.2013 314.07 needed
NVIDIA 3D Vision Driver 314.07 NVIDIA Corporation 18.02.2013 314.07 needed
NVIDIA Graphics Driver 314.07 NVIDIA Corporation 18.02.2013 314.07 needed
NVIDIA PhysX System Software 9.12.1031 NVIDIA Corporation 18.02.2013 9.12.1031 needed
NVIDIA Update 1.12.12 NVIDIA Corporation 18.02.2013 1.12.12 needed
OpenAL 15.02.2013 needed
Oracle VM VirtualBox 4.2.4 Oracle Corporation 16.12.2012 127,4 MB 4.2.4 needed
PC VGA Camera Ihr Firmenname 12.04.2012 1.0.2.7 needed
PeerBlock 1.1 (r518) PeerBlock, LLC 22.11.2010 3,27 MB 1.1.0.518 needed
phonostar-Player Version 3.01.2 13.10.2010 not needed
Photoshop Camera Raw_x64 16.08.2010 unknown
Pianoteq v2.3.0 15.02.2013 needed
PlanetSide 2 Sony Online Entertainment 15.02.2013 needed
Portal Valve 15.02.2013 needed
PunkBuster Services Even Balance, Inc. 15.02.2013 0.988 needed
QuickTime Apple Inc. 05.03.2011 73,7 MB 7.69.80.9 needed
RaceRoom Racing Experience 16.02.2013 needed
Rammfire 15.02.2013 needed
reFX Nexus VSTi RTAS v2.2.0 13.10.2010 needed
ReFX PlastiCZ VSTi v1.02 15.02.2013 needed
reFX quadraSID 1.6.0 14.10.2010 needed
reFX Vanguard 1.7.2 25.10.2010 needed
RegAlyzer Safer-Networking Ltd. 15.02.2013 1.6.2.16 needed
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 16.12.2012 35,5 MB 1.3.650.0 needed
Sawer Image-Line 15.02.2013 needed
Skype Click to Call Skype Technologies S.A. 08.02.2013 60,6 MB 6.6.11664 not needed
Skype™ 5.8 Skype Technologies S.A. 11.04.2012 19,0 MB 5.8.158 not needed
Snagit 9.1.1 TechSmith Corporation 14.02.2011 62,4 MB 9.1.1.113 needed
Sound Blaster X-Fi 15.02.2013 1.0 needed
Spybot - Search & Destroy Safer Networking Limited 15.02.2013 1.6.2 needed
Superior Drummer Installer Toontrack 25.11.2010 22,3 MB 2.0.1 needed
Team Fortress 2 Valve 15.02.2013 needed
TeamSpeak 3 Client TeamSpeak Systems GmbH 05.01.2013 3.0.9.2 needed
Tone2 Gladiator VSTi v2.2 25.10.2010 needed
Toxic Biohazard Image-Line 15.02.2013 needed
UltraISO Premium V9.35 16.08.2010 needed
Unlocker 1.9.1-x64 Cedrick Collomb 03.01.2012 1.9.1 needed
VLC media player 1.1.2 VideoLAN 15.02.2013 1.1.2 needed
Waves Mercury Bundle Team AiR 15.02.2013 5.0 needed
Win7codecs Shark007 16.08.2010 60,2 MB 2.6.1 not needed
Winamp Nullsoft, Inc 15.02.2013 5.572 needed
Winamp Detector Plug-in Nullsoft, Inc 17.08.2010 0,12 MB 1.0.0.1 not needed
Windows Live Essentials Microsoft Corporation 26.10.2010 15.4.3502.0922 needed
WinRAR archiver 16.08.2010 needed
x64 Components v2.6.4 Shark007 16.08.2010 53,5 MB 2.6.4 not needed
Xvid 1.2.2 final uninstall Xvid team (Koepi) 15.02.2013 1.2 not needed

20.02.2013, 17:07   #10
markusg
/// Malware-holic



uninstall:
Adobe CMaps
Adobe CSI
Adobe Fonts
Adobe Linguistics
Adobe PDF Library
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
download the newest version, install it.
adobe reader:
Adobe - Download Adobe Reader - All versions
untick the mcafee security scan checkbox

please also configure adobe reader as follows:
open adobe reader, Edit, Preferences.
General:
tick "use only certified plug-ins".
Security (Enhanced)
tick "Enable Enhanced Security"
and select all files.
Internet:
everything here should be disabled; it is very unsafe to open, download etc. pdfs automatically.
it is always better to save them directly, because only then do you have control over what is going on on the pc.
under JavaScript, untick "Enable Acrobat JavaScript"
under Updater, choose "automatically install".
apply/ok



uninstall:
Adobe Type
Adobe WinSoft
Comodo
Deckadance
DivX
avast: keep either avast or eset, not both at once, that causes problems; let me know which one goes.
Facebook
HiJackThis: get rid of it, it is no longer developed and produces false detections on newer systems.
Java: all of them
download the Java jre:
Java downloads for all operating systems
click:
Download Java software for Windows Offline
download and install it
uninstall:
K-Lite
Nokia
phonostar
Photoshop
Spybot: unnecessary, hardly any updates at the moment, barely blocks any serious malware, a waste of space and resources.
Win7codecs

Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
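Added example, mine rather than anything from this thread or from OTL: a small triage of an uninstall list in the `"key" = DisplayName` layout OTL prints, which finds side-by-side Java installations and two on-access antivirus products at once, the two things the reply above asks to clean up. Old JREs stay installed next to a new one and stay exploitable, and two resident scanners fight over the same hooks, so both are worth machine-checking rather than reading off by eye. The sample list is constructed from product names that appear in this thread; the `{SAMPLE-...}` keys are placeholders, not real product codes.

```python
"""Triage an OTL-style uninstall list for side-by-side Java versions and
overlapping antivirus products.  Added example; not a Trojaner-Board or OTL tool."""
import re

# Constructed sample in the `"key" = DisplayName` layout OTL prints under its
# Uninstall List headings.  Display names come from this thread; the
# {SAMPLE-...} keys are placeholders rather than real product codes.
SAMPLE_UNINSTALL_LIST = """\
"{SAMPLE-0001}" = Java 7 Update 13
"{SAMPLE-0002}" = Java 7 Update 7 (64-bit)
"{SAMPLE-0003}" = Java SE Development Kit 7 Update 7 (64-bit)
"{SAMPLE-0004}" = Java(TM) 6 Update 21 (64-bit)
"{SAMPLE-0005}" = Java(TM) 6 Update 37
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"avast" = avast! Internet Security
"{SAMPLE-0006}" = ESET NOD32 Antivirus
"VLC media player" = VLC media player 1.1.2
"""

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
JAVA_RE = re.compile(r"^Java(?:\(TM\))?(?: SE Development Kit)? (?P<major>\d+) Update (?P<update>\d+)")
AV_RE = re.compile(r"^(?:avast!|ESET NOD32)")   # the two on-access scanners named in the thread


def parse_uninstall_list(text):
    """Return [(registry_key, display_name)] for every well-formed line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_versions(entries):
    """Return [((major, update), display_name)] for every JRE/JDK entry."""
    found = []
    for _key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            found.append(((int(m.group("major")), int(m.group("update"))), name))
    return found


def triage(text):
    """Split Java installs into newest vs. stale and spot a second on-access AV."""
    entries = parse_uninstall_list(text)
    javas = java_versions(entries)
    newest = max(ver for ver, _ in javas) if javas else None
    av = sorted(name for _key, name in entries if AV_RE.match(name))
    return {
        "entries": len(entries),
        "java_newest": sorted(name for ver, name in javas if ver == newest),
        "java_stale": sorted(name for ver, name in javas if ver != newest),
        "av_conflict": av if len(av) > 1 else [],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_UNINSTALL_LIST), indent=2))
```

On the sample, four of the five Java entries come back as stale next to Java 7 Update 13, and both avast! and ESET are reported as a conflict; the reply above goes one step further and removes every Java before reinstalling the current one, which keeps the 64-bit and JDK copies from quietly surviving.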

20.02.2013, 18:41   #11
dr_ckshacker



So, I have now done everything you listed. Of the antivirus programs I removed Avast and kept Eset, since I had bought Eset. Avast was only a trial version.


AdwCleaner Logfile:
Code:
# AdwCleaner v2.112 - Logfile created 02/20/2013 at 19:35:49
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Matthias - MATTHIAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Matthias\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Matthias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2746 octets] - [20/02/2013 19:35:49]

########## EOF - C:\AdwCleaner[S1].txt - [2806 octets] ##########
         
--- --- ---
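Added example (mine, not part of the thread or of AdwCleaner): a parser for the AdwCleaner v2 report layout posted above that tallies what was removed per object type and registry hive and counts how often each CLSID turns up across entries, so that an `Ext\Stats` key and a `Browser Helper Objects` key sharing one GUID are recognised as the same BHO rather than two unrelated findings. The excerpt it runs on is constructed from a few of the entries above; AdwCleaner defangs URLs as `hxxp`, and the parser keeps them that way.

```python
"""Summarise an AdwCleaner v2 removal report.  Added example; not part of the
thread or of AdwCleaner itself."""
import re
from collections import Counter

# Constructed excerpt in the AdwCleaner v2 report layout, built from a few of
# the entries posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v2.112 - Logfile created 02/20/2013 at 19:35:49
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ACTION_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value) (?P<action>Deleted|Found) : (?P<target>.+)$")
REPLACED_RE = re.compile(r"^Replaced : \[(?P<setting>[^\]]+)\] = (?P<old>.+?) --> (?P<new>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_report(text):
    """Walk the report line by line; return (actions, replacements) as dicts
    that remember which ***** [Section] ***** they came from."""
    section, actions, replaced = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ACTION_RE.match(line)
        if m:
            actions.append({"section": section, **m.groupdict()})
            continue
        m = REPLACED_RE.match(line)
        if m:
            replaced.append({"section": section, **m.groupdict()})
    return actions, replaced


def summarize(text):
    """Tally removals per (kind, action), per registry hive, and CLSID multiplicity."""
    actions, replaced = parse_report(text)
    counts = Counter((a["kind"], a["action"]) for a in actions)
    hives = Counter(a["target"].split("\\", 1)[0]
                    for a in actions if a["kind"] in ("Key", "Value"))
    clsids = Counter()
    for a in actions:
        for clsid in CLSID_RE.findall(a["target"]):
            clsids[clsid.upper()] += 1
    return {"counts": counts, "hives": hives, "clsids": clsids, "replaced": replaced}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (kind, action), n in sorted(s["counts"].items()):
        print(f"{kind} {action}: {n}")
    for clsid, n in s["clsids"].most_common():
        print(f"{clsid}: {n} entries")
    for r in s["replaced"]:
        print(f"{r['setting']}: {r['old']} -> {r['new']}")
```

A CLSID seen more than once is the useful output here: the BHO registration under HKLM and the per-user `Ext\Stats` bookkeeping under HKCU for the same GUID are one component, and if the first reappears after a reboot it is worth asking what is re-creating it. The `Replaced` record keeps the old search URL, which is the thing to search the rest of the system for.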

20.02.2013, 18:51   #12
markusg
/// Malware-holic



Hi,
HitmanPro - Download - Filepony
please download Hitmanpro.
Double-click, License, Trial license.
Scan, delete nothing.
Next, export the log as XML and post it, or zip it and attach it.

20.02.2013, 19:09   #13
dr_ckshacker



Code:
HitmanPro 3.7.2.188
www.hitmanpro.com

   Computer name . . . . : MATTHIAS-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Matthias-PC\Matthias
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-02-20 19:58:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 34s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 21

   Objects scanned . . . : 2.682.699
   Files scanned . . . . : 78.409
   Remnants scanned  . . : 860.418 files / 1.743.872 keys

Suspicious files ____________________________________________________________

   C:\Users\Matthias\AppData\Local\PunkBuster\BC2\pb\dll\wc002261.dll
      Size . . . . . . . : 951.318 bytes
      Age  . . . . . . . : 786.7 days (2010-12-27 04:08:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Matthias\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
      Size . . . . . . . : 951.318 bytes
      Age  . . . . . . . : 722.1 days (2011-03-01 16:57:18)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Matthias\AppData\Local\PunkBuster\BC2\pb\pbclold.dll
      Size . . . . . . . : 951.318 bytes
      Age  . . . . . . . : 786.7 days (2010-12-27 03:55:22)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Matthias\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 780.8 days (2011-01-01 23:40:17)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Matthias\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
      Size . . . . . . . : 956.558 bytes
      Age  . . . . . . . : 780.8 days (2011-01-01 23:40:17)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Matthias\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.160 bytes
      Age  . . . . . . . : 774.8 days (2011-01-08 01:54:49)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.


Cookies _____________________________________________________________________

   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:oms.122.2o7.net
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
         

Alt 20.02.2013, 20:26   #14
markusg
/// Malware-holic

ok, delete the findings, and test which problems still occur
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
Alt 23.02.2013, 18:03   #15
dr_ckshacker

ok, PunkBuster is an anti-cheat system for online games. and the tracking cookies cannot be deleted
