Log analysis and evaluation: Keylogger, WoW account hacked :X


13.12.2009, 23:12   #1
Averen
 

Hello, first of all! I've already done quite a lot today, since I've been hacked twice(!) within one week. Antivir, AVG, Norton Security Scan (it spat something out, but only an IluPak.exe, which I removed; I'll still post the log). A-squared didn't find anything either.

The file that Norton found was under: C:\Windows\MRLH\IluPak.exe


First, here is the log from Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3355
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.12.2009 00:05:00
mbam-log-2009-12-14 (00-05-00).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|I:\|)
Durchsuchte Objekte: 267837
Laufzeit: 1 hour(s), 48 minute(s), 50 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
After that, RSIT:

Code:
info.txt logfile of random's system information tool 1.06 2009-12-13 23:16:27

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Anti-Malware 4.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Batch Renamer 2.1.1 (uninstall)-->C:\Program Files\Batch Renamer\remove_batchRenamer.exe
Benutzerhandbuch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" 
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /X{D6771E19-1BB6-43B1-811E-ECC5A4613579}
Call of Duty: Modern Warfare 2 - Multiplayer-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10190
Call of Duty: Modern Warfare 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10180
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Glitchys MES-->"C:\Program Files\Glitchy's Model Editing Suite\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
I8kfanGUI V3.1-->"C:\Program Files\I8kfanGUI\uninstall.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Left 4 Dead 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/550
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Livestream Procaster-->MsiExec.exe /I{0E323ECF-FA5B-454A-B79C-508419AC2538}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x7  -cluninstall
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Application Compatibility Database-->C:\Windows\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NCsoft Launcher-->"C:\Program Files\InstallShield Installation Information\{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}\setup.exe" -runfromtemp -l0x0009 -removeonly
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SAMSUNG Android USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\Shrewsbury\SSADUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Download Driver Software-->C:\Windows\system32\Samsung_USB_Drivers\NXP_Driver\SSDUUninstall.exe
SAMSUNG Mobile USB Driver-->MsiExec.exe /I{7184F382-8A6C-4B85-A3AC-B63734B1E241}
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
Samsung Mobile USB Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7_681B\SECUUninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CB1BFD3-82B0-4C3E-A586-0A5472158E9E}\setup.exe" -l0x9  -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VirtualCom driver-->MsiExec.exe /I{1943A043-5C85-4A16-A0D0-D687B2C1A40F}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Windows-Defender (disabled)

======System event log======

Computer Name: ***-PC
Event Code: 10029
Message: DCOM hat den Dienst swprv mit den Argumenten "" gestartet, um den Server auszuführen:
{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Record Number: 47926
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090625082111.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 10029
Message: DCOM hat den Dienst VSS mit den Argumenten "" gestartet, um den Server auszuführen:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Record Number: 47925
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090625082111.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 47924
Source Name: Service Control Manager
Time Written: 20090625075039.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 47923
Source Name: Service Control Manager
Time Written: 20090625073614.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Startprogramm für Windows Media Center" befindet sich jetzt im Status "Beendet".
Record Number: 47922
Source Name: Service Control Manager
Time Written: 20090625073613.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: D95R2T2J
Event Code: 6001
Message: Der Winlogon-Benachrichtigungsabonnent <GPClient> ist bei einem Benachrichtigungsereignis fehlgeschlagen.
Record Number: 350
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070310105506.000000-000
Event Type: Warnung
User: 

Computer Name: D95R2T2J
Event Code: 6000
Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.
Record Number: 349
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070310105506.000000-000
Event Type: Informationen
User: 

Computer Name: D95R2T2J
Event Code: 9009
Message: Der Desktopfenster-Manager wurde mit dem Code (0x40010004) abgebrochen.
Record Number: 348
Source Name: Desktop Window Manager
Time Written: 20070310105506.000000-000
Event Type: Informationen
User: 

Computer Name: D95R2T2J
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 347
Source Name: Microsoft-Windows-Search
Time Written: 20070310105450.000000-000
Event Type: Informationen
User: 

Computer Name: D95R2T2J
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 346
Source Name: SecurityCenter
Time Written: 20070310105448.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: ***-PC
Event Code: 1101
Message: Überwachungsereignisse wurden vom Transport gelöscht. Die Echtzeit-Sicherungsdatei war beschädigt, da das System nicht ordnungsgemäß heruntergefahren wurde.
Record Number: 298
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090603153521.960910-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: D95R2T2J
Event Code: 4616
Message: Die Systemzeit wurde geändert.

Antragsteller:
	Sicherheits-ID:		S-1-5-19
	Kontoname:		LOKALER DIENST
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e5

Prozessinformationen:
	Prozess-ID:	0x4ec
	Name:		C:\Windows\System32\svchost.exe

Vorherige Zeit:		10:55:20 10.03.2007
Neue Zeit:		10:55:20 10.03.2007

Dieses Ereignis wird generiert, wenn die Systemzeit geändert wird. Es ist normal, dass der mit Systemberechtigung ausgeführte Windows-Zeitdienst die Systemzeit regelmäßig ändert. Andere Änderungen der Systemzeit können darauf hinweisen, dass der Computer manipuliert wird.
Record Number: 297
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20070310105520.712400-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: D95R2T2J
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 296
Source Name: Microsoft-Windows-Eventlog
Time Written: 20070310105520.790400-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: D95R2T2J
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:

Antragsteller:
	Sicherheits-ID:		S-1-5-21-2754731202-3281619189-719602998-500
	Kontoname:		Administrator
	Kontodomäne:		D95R2T2J
	Anmelde-ID:		0x50a95

Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 295
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20070310105506.282891-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: D95R2T2J
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
	Sicherheits- ID:	S-1-5-21-2754731202-3281619189-719602998-500
	Kontoname:	Administrator
	Domänenname:	D95R2T2J
	Logon-ID:	0x50a95
Record Number: 294
Source Name: Microsoft-Windows-Eventlog
Time Written: 20070310105439.872091-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
         
Part 2:
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by ***at 2009-12-13 23:15:56
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 28 GB (28%) free of 102 GB
Total RAM: 3326 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:22, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Trillian\trillian.exe
C:\Users\***\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\***\Desktop\Aklog\aklog.exe
C:\Users\***\Desktop\RSIT.exe
C:\Users\***\Desktop\***.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Livestream Procaster] "C:\Program Files\Livestream Procaster\Procaster.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8739 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job
C:\Windows\tasks\Norton Security Scan for ***.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-20 815104]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"NPSStartup"= []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-30 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-30 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-01-30 96800]
"Livestream Procaster"=C:\Program Files\Livestream Procaster\Procaster.exe [2009-10-12 6415648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2009-11-05 3279192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2009-10-24 1217808]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]
"PlayNC Launcher"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-11-03 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Trillian.lnk - C:\Program Files\Trillian\trillian.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-13 23:15:56 ----D---- C:\rsit
2009-12-13 22:15:12 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2009-12-13 22:15:06 ----D---- C:\ProgramData\Malwarebytes
2009-12-13 22:15:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-13 22:11:56 ----D---- C:\Program Files\CCleaner
2009-12-13 17:08:01 ----D---- C:\Program Files\a-squared Anti-Malware
2009-12-13 16:42:11 ----D---- C:\Windows\Internet Logs
2009-12-13 16:07:43 ----D---- C:\Users\***\AppData\Roaming\OnlineArmor
2009-12-13 16:07:43 ----D---- C:\ProgramData\OnlineArmor
2009-12-13 16:04:47 ----D---- C:\Program Files\Tall Emu
2009-12-13 16:00:49 ----D---- C:\ProgramData\Application Data
2009-12-13 15:54:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-13 15:48:08 ----D---- C:\ProgramData\Symantec
2009-12-13 15:48:08 ----D---- C:\ProgramData\Norton
2009-12-13 15:48:08 ----D---- C:\Program Files\Norton Security Scan
2009-12-13 15:48:04 ----D---- C:\ProgramData\NortonInstaller
2009-12-13 15:48:04 ----D---- C:\Program Files\NortonInstaller
2009-12-13 14:17:45 ----D---- C:\Program Files\KeyScrambler
2009-12-13 13:46:47 ----D---- C:\Users\***\AppData\Roaming\CheckPoint
2009-12-13 13:46:34 ----D---- C:\Program Files\CheckPoint
2009-12-13 13:44:18 ----D---- C:\ProgramData\CheckPoint
2009-12-13 13:29:33 ----D---- C:\Users\***\AppData\Roaming\Avira
2009-12-13 13:19:06 ----D---- C:\ProgramData\Avira
2009-12-13 13:19:06 ----D---- C:\Program Files\Avira
2009-12-13 12:48:35 ----D---- C:\Users\***\AppData\Roaming\QuickScan
2009-12-13 12:30:53 ----D---- C:\ProgramData\SecTaskMan
2009-12-13 12:30:48 ----D---- C:\Program Files\Security Task Manager
2009-12-10 23:51:08 ----D---- C:\cygwin
2009-12-10 23:13:25 ----D---- C:\Program Files\QuickTime
2009-12-10 23:05:17 ----D---- C:\ProgramData\Apple Computer
2009-12-10 23:05:17 ----D---- C:\Program Files\Safari
2009-12-10 23:03:21 ----D---- C:\ProgramData\Apple
2009-12-10 23:03:21 ----D---- C:\Program Files\Common Files\Apple
2009-12-09 15:37:15 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 15:37:14 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 15:22:48 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 15:22:47 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 15:22:47 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 15:22:46 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 15:22:44 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 15:22:43 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 15:22:42 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 15:22:39 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 15:20:55 ----A---- C:\Windows\system32\rastls.dll
2009-12-08 14:18:06 ----D---- C:\Program Files\AVG
2009-11-30 20:33:46 ----A---- C:\Windows\system32\xfcodec.dll
2009-11-29 19:24:35 ----D---- C:\Program Files\Haali
2009-11-28 01:34:29 ----A---- C:\tracert.txt
2009-11-28 00:27:42 ----D---- C:\Users\***\AppData\Roaming\Trillian
2009-11-28 00:27:10 ----D---- C:\Program Files\Trillian
2009-11-27 17:16:16 ----D---- C:\Users\***\AppData\Roaming\Safer Networking
2009-11-27 17:12:40 ----D---- C:\Program Files\Safer Networking
2009-11-27 17:11:24 ----D---- C:\Program Files\Trend Micro
2009-11-27 00:33:16 ----A---- C:\Windows\system32\msxml6.dll
2009-11-27 00:33:15 ----A---- C:\Windows\system32\msxml3.dll
2009-11-27 00:29:40 ----A---- C:\Windows\system32\tzres.dll
2009-11-27 00:29:12 ----D---- C:\Program Files\MSXML 4.0
2009-11-23 16:36:45 ----A---- C:\Windows\system32\devil.dll
2009-11-23 16:36:45 ----A---- C:\Windows\system32\avisynth.dll
2009-11-23 16:36:44 ----A---- C:\Windows\system32\yv12vfw.dll
2009-11-23 16:36:44 ----A---- C:\Windows\system32\i420vfw.dll
2009-11-23 16:36:44 ----A---- C:\Windows\system32\AVSredirect.dll
2009-11-23 16:36:43 ----D---- C:\Program Files\AviSynth 2.5
2009-11-22 14:01:44 ----A---- C:\Windows\system32\XAudio2_5.dll
2009-11-22 14:01:44 ----A---- C:\Windows\system32\xactengine3_5.dll
2009-11-22 14:01:44 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dx11_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dcsx_42.dll
2009-11-22 14:01:41 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-22 14:01:37 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-22 14:01:37 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-22 14:01:37 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-21 19:26:44 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2009-11-21 19:23:07 ----D---- C:\Program Files\Alcohol Soft
2009-11-21 18:46:40 ----D---- C:\Users\***\AppData\Roaming\Any Video Converter
2009-11-20 21:23:59 ----D---- C:\Program Files\JDownloader
2009-11-20 14:38:50 ----A---- C:\Windows\system32\javaws.exe
2009-11-20 14:38:50 ----A---- C:\Windows\system32\javaw.exe
2009-11-20 14:38:50 ----A---- C:\Windows\system32\java.exe
2009-11-17 19:59:22 ----D---- C:\Program Files\World of Warcraft

======List of files/folders modified in the last 1 months======

2009-12-13 23:16:05 ----D---- C:\Windows\Temp
2009-12-13 23:14:59 ----D---- C:\Users\***\AppData\Roaming\Skype
2009-12-13 22:56:58 ----D---- C:\Users\***\AppData\Roaming\Xfire
2009-12-13 22:40:24 ----D---- C:\Windows\MRLH
2009-12-13 22:26:23 ----D---- C:\Windows
2009-12-13 22:25:26 ----SHD---- C:\System Volume Information
2009-12-13 22:15:08 ----D---- C:\Windows\system32\drivers
2009-12-13 22:15:06 ----D---- C:\ProgramData
2009-12-13 22:15:05 ----D---- C:\Program Files
2009-12-13 22:14:07 ----D---- C:\Program Files\Mozilla Firefox
2009-12-13 22:13:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-13 22:13:28 ----D---- C:\Windows\Debug
2009-12-13 19:41:34 ----D---- C:\Program Files\Steam
2009-12-13 19:35:57 ----D---- C:\Windows\Logs
2009-12-13 16:40:20 ----D---- C:\Windows\System32
2009-12-13 16:06:57 ----D---- C:\Windows\inf
2009-12-13 16:05:35 ----D---- C:\Windows\system32\catroot2
2009-12-13 16:01:00 ----D---- C:\Windows\system32\catroot
2009-12-13 16:00:56 ----D---- C:\Users\***\AppData\Roaming\skypePM
2009-12-13 15:54:32 ----D---- C:\Program Files\Common Files
2009-12-13 15:48:11 ----D---- C:\Windows\Tasks
2009-12-13 15:48:11 ----D---- C:\Windows\system32\Tasks
2009-12-13 13:18:12 ----SHD---- C:\Windows\Installer
2009-12-13 12:35:45 ----D---- C:\Program Files\BAE
2009-12-12 16:32:24 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-12 16:29:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-10 23:54:02 ----D---- C:\Users\***\AppData\Roaming\uTorrent
2009-12-10 23:15:31 ----D---- C:\Program Files\Bonjour
2009-12-10 23:07:57 ----D---- C:\Users\***\AppData\Roaming\Apple Computer
2009-12-10 14:29:07 ----D---- C:\ProgramData\Xfire
2009-12-09 16:13:16 ----D---- C:\Windows\rescache
2009-12-09 16:08:19 ----D---- C:\Windows\winsxs
2009-12-09 15:55:04 ----D---- C:\Windows\system32\de-DE
2009-12-09 15:55:04 ----D---- C:\Program Files\Windows Mail
2009-12-09 15:40:32 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 15:37:04 ----RSD---- C:\Windows\assembly
2009-12-07 03:32:34 ----D---- C:\Users\***\AppData\Roaming\vlc
2009-12-02 17:14:39 ----D---- C:\Users\***\AppData\Roaming\teamspeak2
2009-12-02 14:57:18 ----D---- C:\Program Files\Xfire
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-27 23:33:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-23 16:36:41 ----RSD---- C:\Windows\Fonts
2009-11-22 11:28:45 ----D---- C:\Users\***\AppData\Roaming\DivX
2009-11-21 19:27:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-20 14:38:49 ----D---- C:\Program Files\Java
2009-11-18 00:15:17 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2009-11-16 00:10:12 ----A---- C:\Users\***\AppData\Roaming\MPQEditor.ini
2009-11-15 14:31:45 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 fanio;FanIO driver; \??\C:\Windows\system32\drivers\fanio.sys [2007-02-16 14464]
R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2009-12-05 223312]
R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2009-12-05 24656]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-30 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-13 56816]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-30 25888]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-12 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 8192]
R3 b57nd60x;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-30 7544832]
R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2009-12-05 30800]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-20 179256]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 a0zmv1re;a0zmv1re; C:\Windows\system32\drivers\a0zmv1re.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-09-21 36608]
S3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-01-29 61312]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-12 986624]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-12 206848]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-12 659968]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-12 386560]
S2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
S3 BthServ;Bluetooth-Unterstützungsdienst; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-01 320760]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []

-----------------EOF-----------------
         

I would be damn grateful if you could help me somehow.

13.12.2009, 23:58   #2
Averen
 

Here is the GMER log as well:

Code:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 00:55:19
Windows 6.0.6002 Service Pack 2
Running: r53mct73.exe; Driver: C:\Users\Vincenzo\AppData\Local\Temp\uxdyqkog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAllocateVirtualMemory [0x9031F420]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAlpcConnectPort [0x9031E270]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAlpcCreatePort [0x9031D8E0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAssignProcessToJobObject [0x9031FC60]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwConnectPort [0x9031DA90]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreateFile [0x9032CCB0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreatePort [0x9031D740]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreateSection [0x90319DE0]
SSDT            8BE4674C                                                                                                                        ZwCreateThread
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwDebugActiveProcess [0x9031C900]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwDuplicateObject [0x9031D410]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwLoadDriver [0x9031EB40]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwOpenFile [0x9032D420]
SSDT            8BE46738                                                                                                                        ZwOpenProcess
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwOpenSection [0x9031A080]
SSDT            8BE4673D                                                                                                                        ZwOpenThread
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwProtectVirtualMemory [0x9031F8A0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwQueryDirectoryFile [0x9031EFB0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwQueueApcThread [0x9031FE00]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwRequestWaitReplyPort [0x9031E690]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwResumeThread [0x9031D060]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSecureConnectPort [0x9031DE80]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSetContextThread [0x9031C6E0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSetSystemInformation [0x9031CAA0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwShutdownSystem [0x9031EA10]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSuspendProcess [0x9031D240]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSuspendThread [0x9031CE60]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSystemDebugControl [0x9031CC90]
SSDT            8BE46747                                                                                                                        ZwTerminateProcess
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwTerminateThread [0x9031C4B0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwUnloadDriver [0x9031ED70]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwWriteVirtualMemory [0x9031FA70]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreateThreadEx [0x9031BF10]

INT 0x52        ?                                                                                                                               86159BF8
INT 0x72        ?                                                                                                                               8452CBF8
INT 0x82        ?                                                                                                                               8452CBF8
INT 0xA3        ?                                                                                                                               86159BF8
INT 0xB3        ?                                                                                                                               86159BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 131                                                                                                   81EE8874 4 Bytes  [20, F4, 31, 90]
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                                   81EE8880 8 Bytes  [70, E2, 31, 90, E0, D8, 31, ...] {JO 0xffffffffffffffe4; XOR [EAX-0x6fce2720], EDX}
.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                                   81EE88D4 4 Bytes  [60, FC, 31, 90]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                   81EE8904 4 Bytes  [90, DA, 31, 90] {NOP ; FIDIV DWORD [ECX]; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 1D9                                                                                                   81EE891C 4 Bytes  [B0, CC, 32, 90]
.text           ...                                                                                                                             
?               System32\Drivers\spbg.sys                                                                                                       Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                        section is writeable [0x8EE04340, 0x3EE1D7, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                           8FA8341B 5 Bytes  JMP 861591D8 
.text           anw80ghx.SYS                                                                                                                    8AFA8000 22 Bytes  [82, 03, E1, 81, 6C, 02, E1, ...]
.text           anw80ghx.SYS                                                                                                                    8AFA8017 45 Bytes  [00, 32, 27, 9A, 8A, 3D, 25, ...]
.text           anw80ghx.SYS                                                                                                                    8AFA8045 135 Bytes  [2A, EE, 81, FD, A9, E7, 81, ...]
.text           anw80ghx.SYS                                                                                                                    8AFA80CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text           anw80ghx.SYS                                                                                                                    8AFA80DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text           ...                                                                                                                             
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                          section is writeable [0xA42E3300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                          section is writeable [0xA4326300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\taskeng.exe[608] kernel32.dll!CreateProcessW                                                                77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\system32\taskeng.exe[608] kernel32.dll!CreateProcessA                                                                77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\taskeng.exe[608] kernel32.dll!LoadLibraryExW                                                                775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\taskeng.exe[608] USER32.dll!ExitWindowsEx                                                                   767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] kernel32.dll!CreateThread + 1A                                      775DC928 4 Bytes  CALL 0045495D C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)
.text           C:\Windows\system32\Dwm.exe[1692] kernel32.dll!CreateProcessW                                                                   77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\system32\Dwm.exe[1692] kernel32.dll!CreateProcessA                                                                   77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\system32\Dwm.exe[1692] kernel32.dll!LoadLibraryExW                                                                   775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\system32\Dwm.exe[1692] USER32.dll!ExitWindowsEx                                                                      767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessW                                                                       77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessA                                                                       77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\Explorer.EXE[1724] kernel32.dll!LoadLibraryExW                                                                       775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\Explorer.EXE[1724] USER32.dll!ExitWindowsEx                                                                          767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\Explorer.EXE[1724] IPHLPAPI.DLL!IcmpSendEcho2Ex                                                                      757696D8 6 Bytes  JMP 5F130F5A 
.text           C:\Windows\Explorer.EXE[1724] IPHLPAPI.DLL!IcmpSendEcho2                                                                        75769C2D 6 Bytes  JMP 5F100F5A 
.text           C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!CreateProcessW                                                                   77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!CreateProcessA                                                                   77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!LoadLibraryExW                                                                   775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\ehome\ehtray.exe[2208] USER32.dll!ExitWindowsEx                                                                      767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!CreateProcessW                                                      77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!CreateProcessA                                                      77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!LoadLibraryExW                                                      775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] USER32.dll!ExitWindowsEx                                                         767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] ole32.dll!CoCreateInstance                                                       76149EA6 6 Bytes  JMP 5F100F5A 
.text           C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] ole32.dll!CoCreateInstanceEx                                                     76149EE9 6 Bytes  JMP 5F130F5A 
.text           C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!CreateProcessW                                                                   77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!CreateProcessA                                                                   77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!LoadLibraryExW                                                                   775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\ehome\ehmsas.exe[2316] USER32.dll!ExitWindowsEx                                                                      767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!CreateProcessW                                       77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!CreateProcessA                                       77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!LoadLibraryExW                                       775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] USER32.dll!ExitWindowsEx                                          767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] ole32.dll!CoCreateInstance                                        76149EA6 6 Bytes  JMP 5F100F5A 
.text           C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] ole32.dll!CoCreateInstanceEx                                      76149EE9 6 Bytes  JMP 5F130F5A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessW                                                 77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessA                                                 77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!LoadLibraryExW                                                 775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] USER32.dll!ExitWindowsEx                                                    767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!CreateProcessW                                        77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!CreateProcessA                                        77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!LoadLibraryExW                                        775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] USER32.dll!ExitWindowsEx                                           767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\System32\rundll32.exe[3668] kernel32.dll!CreateProcessW                                                              77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\System32\rundll32.exe[3668] kernel32.dll!CreateProcessA                                                              77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\rundll32.exe[3668] kernel32.dll!LoadLibraryExW                                                              775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\rundll32.exe[3668] USER32.dll!ExitWindowsEx                                                                 767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Windows\System32\rundll32.exe[3752] kernel32.dll!CreateProcessW                                                              77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Windows\System32\rundll32.exe[3752] kernel32.dll!CreateProcessA                                                              77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Windows\System32\rundll32.exe[3752] kernel32.dll!LoadLibraryExW                                                              775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Windows\System32\rundll32.exe[3752] USER32.dll!ExitWindowsEx                                                                 767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!CreateProcessW                                                    77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!CreateProcessA                                                    77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!LoadLibraryExW                                                    775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[3836] USER32.dll!ExitWindowsEx                                                       767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!CreateProcessW               77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!CreateProcessA               77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!LoadLibraryExW               775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] USER32.dll!ExitWindowsEx                  767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!CreateProcessW                                              77591BF3 6 Bytes  JMP 5F0A0F5A 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!CreateProcessA                                              77591C28 6 Bytes  JMP 5F040F5A 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!LoadLibraryExW                                              775B9109 6 Bytes  JMP 5F070F5A 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] USER32.dll!ExitWindowsEx                                                 767AB7C3 6 Bytes  JMP 5F0D0F5A 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] ole32.dll!CoCreateInstance                                               76149EA6 6 Bytes  JMP 5F100F5A 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] ole32.dll!CoCreateInstanceEx                                             76149EE9 6 Bytes  JMP 5F130F5A 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                       [8A8986D6] \SystemRoot\System32\Drivers\spbg.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                        [8A898042] \SystemRoot\System32\Drivers\spbg.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                [8A898800] \SystemRoot\System32\Drivers\spbg.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                       [8A8980C0] \SystemRoot\System32\Drivers\spbg.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                 [8A89813E] \SystemRoot\System32\Drivers\spbg.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                              [8A8A7E9C] \SystemRoot\System32\Drivers\spbg.sys
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortNotification]                                                      CC358B04
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortUchar]                                                    838AFCDF
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortUlong]                                                    458B38C6
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                A5A5A514
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                     100D8BA5
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                              5F8AFCB0
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortUchar]                                                     30810889
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortStallExecution]                                                    54771129
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetParentBusType]                                                  10C25D5E
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortRequestCallback]                                                   8B55CC00
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                             084D8BEC
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                              0CF0918B
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortCompleteRequest]                                                   458B0000
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortMoveMemory]                                                        [8B108910] \SystemRoot\System32\Drivers\Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                         000CF491
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                            04508900
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                              053C7980
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortUshort]                                                    560C558B
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                              C6127557
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortInitialize]                                                        B18D0502
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                     00000CF8
IAT             \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                 A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem]  [00454AB4] C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT             C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem]  [00454AB4] C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                          852E91F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                   87E9F1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                            8452E1F8
Device          \Driver\sptd \Device\2333607626                                                                                                 spbg.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                8614E1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                8614E1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                8614E1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                8614E1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{69748DA3-BD9A-469F-A3F1-7E368ABE5EE7}                                                        87CA31F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                                862D01F8
Device          \Driver\tdx \Device\Tcp                                                                                                         OAmon.sys
Device          \Driver\netbt \Device\NetBT_Tcpip_{2F064EB1-89FB-4B01-9381-B33527BB5F22}                                                        87CA31F8
Device          \Driver\PCI_PNP1610 \Device\00000057                                                                                            spbg.sys
Device          \Driver\USBSTOR \Device\00000071                                                                                                87B751F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                          8452E1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                          8452E1F8
Device          \Driver\cdrom \Device\CdRom0                                                                                                    863021F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                          8452E1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                    863021F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                     852E81F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                              852E81F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                              852E81F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2                                                                                     852E81F8
Device          \Driver\tdx \Device\RawIp6                                                                                                      OAmon.sys
Device          \Driver\cdrom \Device\CdRom2                                                                                                    863021F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                          8452E1F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                          8452E1F8
Device          \Driver\cdrom \Device\CdRom3                                                                                                    863021F8
Device          \Driver\tdx \Device\Tcp6                                                                                                        OAmon.sys
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                         87CA31F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                                  87B791F8
Device          \Driver\tdx \Device\Tdx                                                                                                         OAmon.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                              863091F8
Device          \Driver\tdx \Device\Udp                                                                                                         OAmon.sys
Device          \FileSystem\fastfat \Fat                                                                                                        87E9F1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                                          8612F1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd19acc                                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                              771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                              285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                              2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                             1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                          0xB8 0xE8 0x67 0x4A ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                             C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                             0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0x2C 0x01 0xF9 0xB3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                    0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                 0x17 0x7F 0xFD 0xF8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                            0xD6 0x5A 0xA6 0xC4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                            0x12 0x00 0x1F 0x0C ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                            0x14 0xD7 0xD2 0x10 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cfd19acc (not active ControlSet)                                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                            
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                 1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                              0xB8 0xE8 0x67 0x4A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                            
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                 0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                              0x2C 0x01 0xF9 0xB3 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                   
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                     0x17 0x7F 0xFD 0xF8 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                0xD6 0x5A 0xA6 0xC4 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                0x12 0x00 0x1F 0x0C ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                0x14 0xD7 0xD2 0x10 ...

---- EOF - GMER 1.0.15 ----
         


15.12.2009, 08:58   #3
Averen

Here is the CCleaner output as well, sorry, I forgot it.


Code:
Adobe AIR	Adobe Systems Inc.	18.10.2009	30.7MB	1.5.2.8900
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	30.07.2009		10.0.32.18
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	02.08.2009		10.0.32.18
Adobe Flash Player 9 ActiveX	Adobe Systems Incorporated	09.03.2007		9
Adobe Reader 7.0.8 - Deutsch	Adobe Systems Incorporated	09.03.2007		7.0.8
Apple Application Support	Apple Inc.	10.12.2009		1.1.0
Apple Mobile Device Support	Apple Inc.	09.12.2009	40.4MB	2.6.0.32
Apple Software Update	Apple Inc.	01.11.2009		2.1.1.116
Batch Renamer 2.1.1 (uninstall)		07.11.2009	12.3MB	
Benutzerhandbuch		09.03.2007	0.82MB	
Bonjour	Apple Inc.	09.12.2009	0.49MB	1.0.106
Broadcom Management Programs	Broadcom Corporation	09.03.2007		10.03.01
Call of Duty: Modern Warfare 2	Infinity Ward	21.11.2009	11'380.2MB	
Call of Duty: Modern Warfare 2 - Multiplayer	Infinity Ward	21.11.2009	11'380.2MB	
CCleaner	Piriform	12.12.2009	2.80MB	
Dell Driver Download Manager	Dell Inc.	30.06.2009		1.0.0.0
Dell Driver Download Manager - 1	Dell Inc.			2.0.0.0
Digital Line Detect	BVRP Software, Inc	09.03.2007	0.27MB	1.21
DivX Codec	DivX, Inc.	02.06.2009	1.31MB	6.8.5
DivX Converter	DivX, Inc.	02.06.2009	45.3MB	7.1.0
DivX Player	DivX, Inc.	02.06.2009	8.43MB	7.2.0
DivX Plus DirectShow Filters	DivX, Inc.	02.06.2009	1.58MB	
DivX Web Player	DivX,Inc.	02.06.2009	2.83MB	1.5.0
Fraps (remove only)		18.10.2009	2.25MB	
G Data InternetSecurity	G Data Software AG	14.12.2009		20.1.1.0
Glitchys MES	GeeTards	10.11.2009	115.2MB	
Google Chrome	Google Inc.	08.12.2009	67.4MB	3.0.195.33
Haali Media Splitter		28.11.2009	2.46MB	
HijackThis 2.0.2	TrendMicro	08.06.2009	0.39MB	2.0.2
I8kfanGUI V3.1	Christian Diefer	29.06.2009	2.61MB	3.1
Intel(R) PROSet/Wireless Software	Intel Corporation	13.12.2009		11.5.0000
Java(TM) 6 Update 17	Sun Microsystems, Inc.	03.06.2009	94.5MB	6.0.170
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	09.03.2007		1.6.0.0
JDownloader	AppWork UG (haftungsbeschränkt)	19.11.2009	52.1MB	0.89
Left 4 Dead	Valve	02.06.2009	5'277.0MB	
Left 4 Dead 2	Valve	17.11.2009	6'343.8MB	
Livestream Procaster	Procaster	09.11.2009		1.0.93
Malwarebytes' Anti-Malware	Malwarebytes Corporation	12.12.2009	4.11MB	
MediaDirect	Dell	09.03.2007	119.1MB	4.7
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	03.06.2009	37.0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	18.09.2009	37.0MB	
Microsoft AppLocale	MS	14.11.2009	3.61MB	1.0.0
Microsoft Office Enterprise 2007	Microsoft Corporation	25.10.2009	631.8MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	13.09.2009	29.0MB	3.0.40818.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	02.10.2009	1.74MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	01.08.2009	0.25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	07.12.2009	0.33MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	02.08.2009		9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.06.2009	0.58MB	9.0.30729
Microsoft Windows Application Compatibility Database		14.11.2009		
Mozilla Firefox (3.5.5)	Mozilla	06.11.2009	31.9MB	3.5.5 (de)
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	09.03.2007	1.25MB	4.20.9841.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	02.06.2009	1.28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2009	1.34MB	4.20.9876.0
MSXML4 Parser	Microsoft Game Studios	30.07.2009	64.00KB	1.0.0
NCsoft Launcher	NCsoft	25.09.2009	6.82MB	1.5.7.0
NetWaiting	BVRP Software, Inc	09.03.2007	4.91MB	2.5.41
NVIDIA Drivers	NVIDIA Corporation	27.10.2009	3'312.1MB	1.3
NVIDIA PhysX	NVIDIA Corporation	29.06.2009	120.0MB	9.09.0428
Octoshape Streaming Services		03.11.2009	1.48MB	
OutlookAddinSetup	CyberLink	09.03.2007	0.96MB	1.0.0
PC Connectivity Solution	Nokia	08.10.2009	9.25MB	8.15.0.0
QuickSet	Dell Inc.	13.12.2009	6.53MB	8.0.13
QuickTime	Apple Inc.	09.12.2009	77.3MB	7.65.17.80
RapidShare Manager	RapidShare AG	25.10.2009		0.1.0.257
RunAlyzer	Safer Networking Limited	26.11.2009	10.6MB	1.6.1.24
SAMSUNG Android USB Modem Software		08.10.2009		
SAMSUNG Mobile Composite Device Software		08.10.2009		
Samsung Mobile Modem Device Software		08.10.2009		
SAMSUNG Mobile Modem Driver Set		08.10.2009	0.12MB	
Samsung Mobile phone USB driver Software		08.10.2009	0.12MB	
SAMSUNG Mobile USB Download Driver Software		08.10.2009	0.12MB	
SAMSUNG Mobile USB Driver	SAMSUNG	08.10.2009	0.11MB	1.00.0000
SAMSUNG Mobile USB Modem 1.0 Software		08.10.2009	0.12MB	
Samsung Mobile USB Modem Device Software		08.10.2009	0.12MB	
SAMSUNG Mobile USB Modem Software		08.10.2009	0.12MB	
SAMSUNG USB Mobile Device Software		08.10.2009	0.12MB	
SamsungConnectivityCableDriver	Samsung	08.10.2009	0.62MB	6.83.6.2.1
Security Task Manager 1.7h	Neuber GmbH	12.12.2009	2.45MB	1.7h
SigmaTel Audio	SigmaTel	30.06.2009	22.1MB	5.10.5210.0
Skype™ 4.1	Skype Technologies S.A.	31.10.2009	31.1MB	4.1.179
Steam	Valve	02.06.2009	1.47MB	1.0.0.0
Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC	Sun Microsystems, Inc.	11.12.2009	80.4MB	2.5.2_01
Synaptics Pointing Device Driver	Synaptics	09.03.2007	12.9MB	9.0.1.3
TeamSpeak 2 RC2	Dominating Bytes Design	28.09.2009		2.0.32.60
Trillian	Cerulean Studios, LLC	27.11.2009	32.7MB	
Ventrilo Client	Flagship Industries, Inc.	03.06.2009	4.43MB	3.0.5
VirtualCom driver	AIT	08.10.2009	0.71MB	1.0.0
VLC media player 1.0.1	VideoLAN Team	31.08.2009	63.1MB	1.0.1
Windows Live Anmelde-Assistent	Microsoft Corporation	02.06.2009	1.93MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	02.10.2009	44.0MB	14.0.8089.0726
Windows Live Sync	Microsoft Corporation	02.10.2009	2.79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	02.06.2009	0.22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	31.07.2009	0.29MB	1.0.0.8
WinRAR		04.06.2009	3.73MB	
World of Warcraft	Blizzard Entertainment	08.12.2009		3.3.0.10958
Xfire (remove only)		31.07.2009	23.9MB	
µTorrent		31.07.2009	0.28MB	1.8.3
         

15.12.2009, 13:25   #4
Averen

Code:
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
         
HijackThis found this; according to the automatic analysis and Google it is malicious, so I fixed it.

I have now updated Internet Explorer to version 8!

16.12.2009, 11:25   #5
cosinus

Hello,

Make sure that all files are actually shown to you, then have the following files (if they still exist) analyzed at Virustotal.com and post all the results, in such a way that the results of the individual virus scanners are visible. Please include file sizes and checksums. You can also simply post the result link:

Code:
c:\windows\System32\Drivers\spbg.sys
C:\Windows\MRLH\IluPak.exe
         

After that: system scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

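Added example, not part of cosinus's post: one way to record the file sizes and checksums requested above before uploading, reporting a file that no longer exists instead of failing. The function names and the choice of MD5, SHA-1 and SHA-256 are assumptions of this example; the two default paths are the ones named in the post.

```python
import hashlib
import os
import sys

# Digest set is an assumption of this example: the three checksums that
# scan services and AV vendors commonly list for a sample.
ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK = 1024 * 1024  # read in 1 MiB pieces

# Paths named in the post above; used when no arguments are given.
DEFAULT_PATHS = [
    r"c:\windows\System32\Drivers\spbg.sys",
    r"C:\Windows\MRLH\IluPak.exe",
]


def fingerprint(path):
    """Return size and digests for one file, or a 'missing' record.

    The file is read once and every chunk is fed to all digests, so a
    large driver or executable is never held in memory as a whole.
    """
    record = {"path": path, "exists": False, "size": None}
    record.update({name: None for name in ALGORITHMS})
    if not os.path.isfile(path):
        return record

    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK), b""):
            size += len(chunk)
            for digest in digests.values():
                digest.update(chunk)

    record["exists"] = True
    record["size"] = size
    for name, digest in digests.items():
        record[name] = digest.hexdigest()
    return record


def format_record(record):
    """Render one record as the text block to paste into the thread."""
    if not record["exists"]:
        return "%s\n  not found (already deleted or quarantined?)" % record["path"]
    lines = [record["path"], "  size   : %d bytes" % record["size"]]
    for name in ALGORITHMS:
        lines.append("  %-7s: %s" % (name, record[name]))
    return "\n".join(lines)


def report(paths):
    """Fingerprint every path and join the text blocks."""
    return "\n".join(format_record(fingerprint(p)) for p in paths)


if __name__ == "__main__":
    print(report(sys.argv[1:] or DEFAULT_PATHS))
```
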

16.12.2009, 16:06   #6
Averen

Kaspersky removed Ilupak.exe, and spbg.sys is no longer there? I can't remember any message about spbg.sys showing up..

Here is OTL.txt:

Code:
OTL logfile created on: 16.12.2009 17:00:34 - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Users\Vincenzo\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.35% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 27.58 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.72 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 836.88 Gb Free Space | 89.84% Space Free | Partition Type: NTFS
 
Computer Name: VINCENZO-PC
Current User Name: Vincenzo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Vincenzo\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Users\Public\Games\World of Warcraft\WoW.exe (Blizzard Entertainment)
PRC - C:\Users\Vincenzo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Vincenzo\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Xfire\xfire_toucan_40405.dll (Xfire Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msvcr71.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (stllssvr) --  File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GearAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (fanio) -- C:\Windows\System32\drivers\fanio.sys (Christian Diefer)
DRV - (guardian2) -- C:\Windows\System32\drivers\oz776.sys (O2Micro)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
 
[2009.12.15 12:13:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.14 23:00:34 | 00,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
 
O1 HOSTS File: (358602 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 12311 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Users\Vincenzo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.19 10:03:12 | 00,000,000 | RH-D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 03:56:50 | 00,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}\Shell - "" = AutoRun
O33 - MountPoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.12.16 16:38:59 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009.12.16 16:38:59 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009.12.16 16:38:59 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009.12.16 16:38:59 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009.12.16 16:38:59 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009.12.16 16:38:44 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009.12.16 16:38:44 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009.12.16 16:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009.12.16 13:51:49 | 00,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2009.12.16 13:41:36 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009.12.16 11:10:39 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009.12.15 23:11:01 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.15 23:11:01 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.15 23:11:01 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.15 22:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009.12.15 22:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009.12.15 19:29:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009.12.15 09:42:40 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.12.15 09:42:40 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.12.15 09:42:40 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.12.15 09:42:40 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.12.15 09:42:40 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.12.15 09:42:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.12.15 09:42:39 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.12.15 09:42:39 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.12.15 09:42:39 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.12.15 09:42:39 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.12.15 09:42:38 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.12.15 09:42:38 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.12.15 09:42:38 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.12.15 09:42:38 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009.12.15 09:40:14 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009.12.15 09:40:14 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009.12.15 09:40:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009.12.15 09:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009.12.15 09:40:13 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009.12.15 09:40:13 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009.12.15 09:40:13 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009.12.15 09:40:13 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009.12.15 09:40:13 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009.12.15 09:40:13 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009.12.15 09:40:13 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009.12.15 09:40:13 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009.12.15 09:40:12 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.12.15 09:40:12 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009.12.15 09:40:12 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009.12.15 09:40:12 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009.12.15 09:40:11 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009.12.15 09:40:11 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009.12.15 09:40:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009.12.15 09:40:11 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009.12.15 09:40:11 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009.12.15 09:40:10 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009.12.15 09:40:10 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009.12.15 09:40:10 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009.12.15 09:40:10 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009.12.15 09:40:10 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009.12.15 09:40:10 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009.12.15 09:40:10 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009.12.14 23:04:09 | 00,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2009.12.14 22:47:19 | 00,055,624 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2009.12.14 22:47:16 | 00,047,560 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2009.12.14 22:46:54 | 00,027,848 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2009.12.14 22:46:53 | 00,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\G Data
[2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\G DATA
[2009.12.14 22:41:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Downloaded Installations
[2009.12.14 20:30:46 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Intel
[2009.12.14 20:30:45 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Roaming
[2009.12.14 20:30:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2009.12.14 20:30:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Intel
[2009.12.14 20:30:16 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco
[2009.12.14 20:29:56 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009.12.14 19:57:52 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Dell
[2009.12.14 00:18:50 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.12.13 23:53:13 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Autostartscan
[2009.12.13 23:15:56 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.13 22:15:12 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes
[2009.12.13 22:15:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.13 22:15:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.13 22:15:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.13 22:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.12.13 22:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.12.13 19:31:26 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\.microemulator
[2009.12.13 17:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009.12.13 16:42:11 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2009.12.13 16:00:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2009.12.13 15:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009.12.13 15:48:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009.12.13 15:48:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009.12.13 15:48:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009.12.13 14:13:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\mok
[2009.12.13 13:46:50 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Documents\ForceField Shared Files
[2009.12.13 13:46:47 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\CheckPoint
[2009.12.13 13:46:34 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2009.12.13 13:44:18 | 00,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2009.12.13 13:19:07 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.12.13 13:19:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.12.13 12:48:35 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\QuickScan
[2009.12.13 12:30:53 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009.12.13 12:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009.12.11 16:06:14 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Aklog
[2009.12.10 23:51:08 | 00,000,000 | ---D | C] -- C:\cygwin
[2009.12.10 23:37:58 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\.mobione
[2009.12.10 23:36:51 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Genuitec
[2009.12.10 23:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.12.10 23:05:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009.12.10 23:03:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009.12.10 23:03:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009.12.09 18:34:11 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Documents\Downloads
[2009.12.09 15:37:15 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009.12.09 15:37:14 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009.12.09 15:20:55 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009.12.08 14:18:06 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009.11.29 19:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2009.11.28 00:27:46 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\TCPVIEW
[2009.11.28 00:27:42 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Trillian
[2009.11.28 00:27:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009.11.28 00:10:56 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Leatrix Latency Fix 1.15
[2009.11.27 17:16:16 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Safer Networking
[2009.11.27 17:12:40 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009.11.27 17:11:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.11.27 00:33:12 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.11.27 00:29:40 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.11.27 00:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009.11.23 16:36:45 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2009.11.23 16:36:45 | 00,318,976 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2009.11.23 16:36:44 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2009.11.23 16:36:44 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2009.11.23 16:36:43 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009.11.22 14:01:44 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2009.11.22 14:01:44 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2009.11.22 14:01:44 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2009.11.22 14:01:43 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2009.11.22 14:01:43 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2009.11.22 14:01:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2009.11.22 14:01:43 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2009.11.22 14:01:41 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009.11.22 14:01:37 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009.11.22 14:01:37 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009.11.22 14:01:37 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009.11.21 19:26:44 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\dvdcss
[2009.11.21 19:23:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009.11.21 18:46:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Any Video Converter
[2009.11.20 21:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2009.11.17 19:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.12.16 17:02:56 | 08,912,896 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT
[2009.12.16 16:44:58 | 00,182,340 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.12.16 16:44:58 | 00,182,340 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.12.16 16:44:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.16 16:44:13 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.16 16:44:13 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.16 16:44:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.16 16:42:54 | 00,524,288 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.12.16 16:42:54 | 00,065,536 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.12.16 16:42:48 | 03,888,995 | -H-- | M] () -- C:\Users\Vincenzo\AppData\Local\IconCache.db
[2009.12.16 16:38:59 | 00,001,811 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009.12.16 16:38:58 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009.12.16 16:36:09 | 00,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job
[2009.12.16 11:01:55 | 00,000,113 | ---- | M] () -- C:\Windows\(null)toolkit.ini
[2009.12.15 23:10:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.15 23:10:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.15 23:10:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.15 23:10:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.15 22:58:58 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.12.15 19:27:34 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At5.job
[2009.12.15 19:27:34 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At4.job
[2009.12.15 19:20:01 | 00,000,398 | ---- | M] () -- C:\Windows\tasks\At3.job
[2009.12.15 19:15:52 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At2.job
[2009.12.15 19:15:51 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At1.job
[2009.12.15 19:03:44 | 00,006,992 | ---- | M] () -- C:\Users\Vincenzo\Documents\cc_20091215_190341.reg
[2009.12.15 18:35:00 | 00,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job
[2009.12.15 09:57:30 | 00,020,556 | ---- | M] () -- C:\Users\Vincenzo\Documents\cc_20091215_095721.reg
[2009.12.14 23:04:12 | 00,000,680 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\d3d9caps.dat
[2009.12.14 23:04:12 | 00,000,552 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\d3d8caps.dat
[2009.12.14 23:04:09 | 00,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2009.12.14 22:58:46 | 00,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2009.12.14 22:47:19 | 00,055,624 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2009.12.14 22:47:16 | 00,047,560 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2009.12.14 22:46:54 | 00,027,848 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2009.12.14 20:32:56 | 01,427,212 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.14 20:32:56 | 00,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.14 20:32:56 | 00,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.14 20:32:56 | 00,123,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.14 20:32:56 | 00,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.14 20:30:19 | 00,002,654 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Dell Driver Download Manager.lnk
[2009.12.13 22:15:11 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.13 22:11:56 | 00,001,632 | ---- | M] () -- C:\Users\Vincenzo\Desktop\CCleaner.lnk
[2009.12.13 19:26:42 | 01,092,608 | ---- | M] () -- C:\Users\Vincenzo\Desktop\DAuth.exe
[2009.12.13 17:31:06 | 00,358,602 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.12.13 13:28:48 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.12.08 16:22:23 | 00,001,836 | ---- | M] () -- C:\Users\Vincenzo\Desktop\HijackThis.lnk
[2009.12.04 02:23:11 | 00,044,032 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 17:50:01 | 00,000,804 | ---- | M] () -- C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.30 20:33:46 | 00,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009.11.27 18:05:14 | 00,358,602 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091213-171744.backup
[2009.11.25 00:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009.11.25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009.11.25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009.11.25 00:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009.11.25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009.11.25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009.11.25 00:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009.11.21 07:35:38 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.11.21 07:35:38 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.11.21 07:34:58 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.11.21 07:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.11.21 07:34:39 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.11.21 07:34:39 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009.11.21 07:34:39 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.11.21 07:34:38 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.11.21 07:34:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.11.21 07:34:33 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.11.21 05:59:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.11.21 05:59:52 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.11.21 05:59:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.11.21 05:58:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.11.21 04:21:16 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009.11.20 21:24:14 | 00,000,988 | ---- | M] () -- C:\Users\Vincenzo\Desktop\JDownloader.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.12.16 16:38:59 | 00,001,811 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009.12.16 16:38:44 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009.12.15 22:58:58 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.12.15 19:20:45 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At5.job
[2009.12.15 19:20:23 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At4.job
[2009.12.15 19:19:00 | 00,000,398 | ---- | C] () -- C:\Windows\tasks\At3.job
[2009.12.15 19:14:09 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At2.job
[2009.12.15 19:13:37 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At1.job
[2009.12.15 19:03:43 | 00,006,992 | ---- | C] () -- C:\Users\Vincenzo\Documents\cc_20091215_190341.reg
[2009.12.15 09:57:23 | 00,020,556 | ---- | C] () -- C:\Users\Vincenzo\Documents\cc_20091215_095721.reg
[2009.12.15 09:42:39 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009.12.15 09:33:18 | 00,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.12.14 23:04:12 | 00,000,680 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\d3d9caps.dat
[2009.12.14 23:04:12 | 00,000,552 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\d3d8caps.dat
[2009.12.14 20:30:19 | 00,002,654 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Dell Driver Download Manager.lnk
[2009.12.13 22:15:11 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.13 22:11:56 | 00,001,632 | ---- | C] () -- C:\Users\Vincenzo\Desktop\CCleaner.lnk
[2009.12.13 19:26:23 | 01,092,608 | ---- | C] () -- C:\Users\Vincenzo\Desktop\DAuth.exe
[2009.12.09 18:30:33 | 00,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job
[2009.12.09 18:30:32 | 00,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job
[2009.12.03 17:50:00 | 00,000,804 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2009.11.30 20:33:46 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.11.27 17:11:24 | 00,001,836 | ---- | C] () -- C:\Users\Vincenzo\Desktop\HijackThis.lnk
[2009.11.23 16:36:44 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.20 21:24:14 | 00,000,988 | ---- | C] () -- C:\Users\Vincenzo\Desktop\JDownloader.lnk
[2009.11.08 23:24:17 | 00,000,947 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\MPQEditor.ini
[2009.10.09 20:20:56 | 00,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.10.09 20:20:56 | 00,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.15 15:41:41 | 00,139,152 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\PnkBstrK.sys
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.30 12:10:49 | 00,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.30 12:10:48 | 00,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.30 13:05:50 | 00,182,340 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.30 13:05:50 | 00,182,340 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.25 19:30:01 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.06.24 15:00:43 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.06.24 11:08:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.03 11:54:40 | 00,013,166 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\nvModes.001
[2009.06.03 11:54:39 | 00,013,166 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\nvModes.dat
[2009.06.03 11:42:18 | 00,044,032 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.04 16:39:34 | 00,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2007.10.25 16:26:10 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.08 14:21:46 | 00,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.03.10 19:08:01 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.03.10 19:07:52 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.03.10 11:40:30 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Vincenzo\Documents\My Games:Roxio EMC Stream
< End of report >
         

16.12.2009, 16:07   #7
Averen
 



Here is extras.txt:

Code:
OTL Extras logfile created on: 16.12.2009 17:00:34 - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Users\Vincenzo\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.35% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 27.58 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.72 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 836.88 Gb Free Space | 89.84% Space Free | Partition Type: NTFS
 
Computer Name: VINCENZO-PC
Current User Name: Vincenzo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2754731202-3281619189-719602998-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038384F3-884F-4EB5-B762-FF73BD685720}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{1B0A5B37-0398-4013-82D7-29FAE7D95358}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4403F987-9463-4C96-BDAA-79BBC3D7944A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59D6E6FD-BA64-418A-A3E1-B6641F41EBF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6A381F6C-1EF7-4852-A720-F1E76E4C7AFF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6BF8036A-2497-4ED2-B1B1-98908893A77D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{759E4A03-867C-42EC-A197-CCE9728ED182}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8CCC55AD-D2AC-4DD3-B133-63B26C3FB116}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AA0250D3-255D-496A-B36C-1A54870FF95F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{ABE767B4-A542-4D8C-B604-519B1875E187}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF669D02-FC9C-4BBE-B360-8FF13E42A3B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D53F3873-05E5-48AC-BDD1-6ECF8F81EF8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038573F-5773-4DDA-ACE8-94E651D1972A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{022D63B6-887E-4399-A82F-163007B0458F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{02624111-DC3A-4243-A7B4-53B9089FED10}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{039BD43F-A7B0-4769-AA77-5ED649F910E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{03B91280-4582-4443-B82A-577088E00540}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04BAEF0D-8D66-4FB7-A062-9F9F4962AA05}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{051CC45B-0C1F-4AE1-BAC8-12C6FDE88F40}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{0973A984-4C47-43F1-9001-91F2A297C5E3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{0A5FCD53-DFEC-4212-A408-9C9AD7979A43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AA5EBBB-2579-40F9-B27F-4FE42F86353A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D961434-B36C-45F8-A9A1-60329E662425}" = protocol=17 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | 
"{0DC658E8-CE82-47D3-A214-028D4A32CF32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0E411BAE-B524-4720-A53F-0EC8ED39CCFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E75CFC1-3221-4021-BD18-C3391DAFEEC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10CB53AE-9025-4CA6-808C-826F00B70658}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{123D1333-AF6C-455D-9DBD-A4386DC079E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1252583C-25FE-47B6-834F-71852A58CBD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15523A64-1AF2-4E27-B2CE-3D49F485D86E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{195997BF-E48A-4ABA-85AE-65D233F65904}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1AF6784C-F70F-4277-ADE9-35CD518E32B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1BFA5E41-4DA9-4320-9881-653FEE378C01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C2BEC68-155C-4C3C-9511-B823EFEBE66B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{1D777288-4546-4653-BC2B-3F92225EDC03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EBAA268-9E26-480D-992B-AB1CD9CAE4E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20B109F1-BAB6-4DEE-B0D2-1C78C886A86C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2334CC7C-8E68-46BA-817E-53D7DE508197}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{2339BF5C-3059-464F-8F41-85A2EE5D3ACF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{26C98D5B-3657-4586-B3D4-D1F5552BA079}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27C4D5AD-2F59-4246-AA3B-CCA8E9E4837B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{27CD8B49-4C17-47B0-868A-7FF47A3C63BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30838499-D4C8-47C0-8F6A-36D73D1DED2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30DA99E7-6F0E-4DB7-A7BB-7A792F14BEF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{31D0021E-0E9C-4551-AD55-2C700282BC98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{341EC60B-2E17-4865-ACB0-8256BFDD1807}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{372CC4D6-2702-4670-863E-D47387063CF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37A41778-4C36-42F3-9B5B-CD8FD2BDBEFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37F6538A-2533-468B-9275-7610883BE47E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3827278B-A88C-4D6E-8CB6-DC973C7085C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39FD66ED-5F5F-4542-AAA7-FA666290D7AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AAD92C7-DAA2-4F84-B655-A921B79A5AC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AE9D5C6-B6FA-4D02-8F34-794A97143509}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C68580E-4CB9-4F2C-BDAD-8D9D1928091C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{3D13A6EA-F799-4A17-8D47-6892A31A58FA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{3EE01864-5623-49FA-A163-ADCB63E55D33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FC285FB-570B-4259-8694-8D75F329390E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4085D281-B24D-4EB1-B91A-00CEBCD667CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{42D5ADC3-F45C-472D-AC06-B2B766EC6F08}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{43BCA886-D504-446C-B035-1A933E502146}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{445224A6-5E3C-4E73-86D5-AABDF2615074}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{44D2D0AE-200F-4DD3-B8F7-964CB9990E4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45F1077A-2F63-4E41-887C-2F2CE5DFD18C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4839123F-956E-460A-8B5A-5B0D78E8ADC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{489DE033-885E-4E7D-A83D-4C5314F1F7AA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{4A00E09A-F1A0-4AA3-ADAE-135C87297EAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{4B6CC3AD-AAE3-40C0-A1C9-3CD443BBB54E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4FA06D3B-E669-4C27-BB52-311A0023CF77}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5327DDB1-439F-4BC0-997C-250249D1F5AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{538216BE-984A-48F0-BCE4-21F9BF550396}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{546A399B-90BB-41E8-B31A-C2FA3ADB6F0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{560D827C-0CEF-490D-8E7B-4B5E9A1ABE29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{568595C7-EC86-4AD2-A0E2-D38F6FDBA0EA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{573B5B0F-291A-48F5-A4B6-C0901D0B6990}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AC2B734-85CD-450B-AADA-EF2399C95A5B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{5B9472FF-5609-4D8B-A9AC-889AAA16667F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C6A01D7-483C-4BEB-83D5-4E452B6DDABA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{5C9DBCDE-B50F-4BBC-959C-9061925F7EED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5EAD0787-9BAA-4102-A8FD-E94312591E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6005A155-8FA8-4ADD-A739-6E75AA7BE114}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{630AE891-D375-430E-A712-7910AF831B7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{63EDF660-89F6-49D9-922F-FED5E0C2D852}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64655074-D177-4444-B98E-77329A9BCB0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{65B49493-99EC-4F24-90C1-0D4B924C2C89}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65D12B7D-0998-4D86-8FE0-D63A391CEF18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6685042B-3F19-4E17-96D9-81BDF67D3539}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67AF56EB-5466-4F28-A751-C4A71F5289EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6876097A-461A-42EE-96B4-0B2F2B4064B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6960C67A-4591-45F7-8BA8-A0409D483F93}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B670171-E1DE-464D-ADD1-0988E905643C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D1D754B-01F5-4859-96B2-C8EDB66F47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6EED5A32-C8BC-4DE4-8403-CAFE906ACD55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{719DAB0A-9E68-482F-8818-9D9575B142AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72F62C7F-15A5-4FCC-8C3F-F6E31D211EF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{737F2FEF-58E2-48C2-90DA-B5DE560D9CA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73E5876E-CCDB-4361-B283-6EDF94E8A4FC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{7437C312-C901-48EA-8421-8E1262FD9303}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7883CF31-22F5-4C3E-A76F-A38D4A35115B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{79747C5F-BF1C-4B53-A79D-641071BAA433}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B3FBC19-368F-4831-AADE-C16AAC4172EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7BA14617-4E8B-48E0-A7ED-92D19275CE80}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{7D7CF9B0-816E-4B61-8DA3-D61D60FFFFAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7D9F4A1D-210F-4422-913C-F1E056034873}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{7E07BC99-B566-4F11-8E07-556DE07C4F84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7ECE8A1E-3F39-43E2-A3A4-C03E0FA7FD0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EDE4963-06A5-4CE4-8FA0-241F58B6FE00}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{7EF9D233-2FBF-4CFD-A681-768607C7AF72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FB5B4C1-2F3A-4282-9E4C-A9270D3B9A84}" = protocol=6 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | 
"{83073A7A-F78D-4241-BFE5-0C2911A5DFA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{830EE769-271F-412A-B440-498459DDA330}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{842AD2D3-D7ED-492E-B8EC-EF1F6A6F6DB3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{852652E8-3008-4128-9D39-53BAD96BCC0E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{85BD7352-5A79-41DE-88C9-7E6187F0EB3F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{8648B3A8-CE02-44A1-86E7-050094C2A1DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8713956A-A918-4355-A078-5F5FD25959A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{884111CE-0226-4036-8A7C-0B059AA7A8EF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{8AD28BA1-47DB-49E2-B630-4D890494AB6E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{8BF9656A-CF0A-4D38-82C8-8080BE19B334}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8C20EAE4-7AC2-438E-9336-9AF764FE33B2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{8CC218DF-56DF-45DD-B045-C2429387411D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8CCB2A1A-BA5F-4D1F-9547-A482419CC63F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8DB3532A-3577-4705-88BC-B895BFD8CD28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8DE99B54-779D-439D-BD17-51B6B47F2029}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{924D699C-92D5-42FF-848D-B043E24520A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{93C0FCCA-35DF-4804-BFA4-D87EB1FBE918}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{943BFE9D-7E93-45B9-BBD4-840C38562212}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94571C91-3C4C-449B-9794-57F687C3D715}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9545D10E-D444-4975-B253-9DC671A137F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96AE5CE2-3E69-43B2-A7EF-481A490D18D8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe | 
"{96EAE1F5-38C7-4696-93AB-2B86A8716F80}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{975B1D30-6221-4336-8704-B32677104FCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{977C3669-111D-4E99-B1F5-2AF3860FAC18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9793B05F-39A6-469E-9796-47750707662B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{983898B6-122B-4C9D-AEFF-02FCDFA3A8DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98FBDCA3-F097-4970-ACD3-830D51F70F73}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{993533CE-220F-4CA4-9915-1CCAF9B42931}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe | 
"{9AFD115A-9873-475A-BA2C-09E36955CC87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B7ECC0E-403A-43D0-8C45-C683EB8CB111}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D770CBA-884D-4EBC-8D7C-877F0166C5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E1E0003-43AA-424D-B594-A8FAED64A9EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A09DD221-67DF-4B19-AF27-A7CE994BA826}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{A116950A-9FB2-4156-AF3A-A5ABD85ADE5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A33CE113-D6ED-4963-B70F-1F85C98C4D68}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A381CAA6-666D-436E-A691-654DADB23679}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A38AF5EC-4DC2-430B-986C-CDDAD730D7A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5E27DEC-F196-4736-8365-385223B60CC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A642B72F-84F2-4F91-B4A9-9D1771F462E2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A673891D-BB3C-4782-AE81-5B0C40A14238}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A71E8A10-F50B-481C-BB67-DAC19731E349}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9876FC2-EA43-4F23-9979-7C71C1D18CD3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9CD87B3-5639-4AD1-99E9-0DBB64C89C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AAEF54AF-457B-402F-86C1-5B85034009A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB38619C-DB20-4909-BBDA-F4EE1422018F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{AC80A7D4-5FF9-4A60-8238-F5CAEC4324DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACFD7B63-E4A7-4F17-9669-6B4A4797B0C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0E96051-2CAF-497E-98EF-B8113B674072}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2AE8B84-19D6-4CD3-BEC9-19E784F0C020}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5C6CA76-3C59-4648-BFD7-39E6B1DCF735}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BA76DA09-FE55-4D7D-9ADE-026A79EBB71C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BBA0D18E-01DE-4A21-99B0-8400931C260A}" = protocol=6 | dir=in | app=c:\program files\broadcom\bacs\bacs.exe | 
"{BE1B46FB-8B57-4B9E-A3E1-B4957D650153}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF8D4B65-8A3F-4DEF-AC2F-6545233C5F22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C077BD5D-F2A6-4F11-8038-5F47F0C1B85D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C114965B-83E6-4AED-AF59-9A6817884D12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C293C1BD-0010-4A7C-8618-BE2D51A49A36}" = protocol=6 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | 
"{C821F6FC-430E-4F8F-9814-F17CD5322351}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C952A90B-B3B6-4F1A-B476-2FE313099CF2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA095824-2562-4D98-8B2C-60FD56060485}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{CA4AF358-ACA2-4FE0-B89F-8FCBF412084F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB0358A7-4B33-47AF-8546-E3C31081B313}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CB27AB2C-4ADC-481F-A820-78974021973D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBA08CDC-0284-4FFA-BB3A-117282EAF940}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDC4327C-4172-4B6D-A4EA-5D345427AD44}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CEC322F1-E397-4200-993A-5D4F4ACF3D60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF0C7BF0-EB27-4AD0-BD58-A411588A8A92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CFA510DF-5119-47F5-AB41-8F19FE4E417F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D113C468-4046-45E7-AA37-0752DAD24D5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D1F77A3F-ACA0-47AF-A6AE-432D5CB69CE3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D64887AD-67E8-4CD0-964C-942D4E5B5DAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6DA839E-4A88-4F50-8E00-205BECA98B8F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{D8D42037-4387-4622-A8C3-8A064197790C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAEF6D29-C7D3-4E0F-96DD-37D1866B9E23}" = protocol=17 | dir=in | app=c:\program files\broadcom\bacs\bacs.exe | 
"{DBB4A795-B8EE-4EB7-8D75-759760DFA947}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{DBCF4DF7-1BB2-4A87-A092-F53ACA9B5DC1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{DCAB9747-C1AA-4610-9762-7F2B4887A718}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E01FD454-3E77-4BF0-9CAC-519118C4CF72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0CD3705-709C-4F55-919A-32312E88B440}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E33550FF-9B7E-41E9-8CF9-2ADE7C5D8838}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E35F2A8A-9DF8-419A-94FE-BD7EB768AC77}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E391A72C-0763-491B-BFE7-89FA3EE82E81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E539B68D-CB76-4451-92DE-59A4F281973F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E622673A-A8F3-45F2-A963-20EBD8F7D266}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{E6B7C564-C9A9-4190-9D8F-0581C720212A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{EA48B94F-6359-407B-AAE4-B43B8DC38338}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EB677613-5F8D-4487-8575-5C6A2BCA3A84}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{EC01C0CD-07B2-4545-B953-42CA97ABA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECF531D7-85C9-4E32-9B25-6CAC950FC850}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{ED8C6196-7E5D-48D8-A31B-7FEDA0AF7D1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EEFF2FB3-4332-4326-A06F-1108E9867B07}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{EFC5F6AE-B0DB-489A-B0C6-956BFF2ABCC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F04CEE67-9A14-4FF5-8620-D27478516037}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{F078261B-24AE-4777-ACAC-6D9A86153F18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F10BFC00-912C-45E4-A7A9-DD89A9E0DEC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F319BB7D-DD2F-49A2-99BA-DFAD09131C12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F31FFBF5-3A5B-4652-9B14-4833403EC025}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F4BDEE5B-28D4-49FE-9CEF-CF1563B98B10}" = protocol=17 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | 
"{F4EECC96-65EA-4243-A8D4-91278EC9383A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7EB7944-D560-4C46-BFDB-93BC5ED0FDAF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F9282978-9C91-4AD3-91E6-73CDC6841B21}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{FD0E829C-BFE3-4D84-8C2F-521AFE5F28BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{FF006D46-6B6A-4DDA-B53D-DB8468306011}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF03F9F4-B71B-4C81-B9DE-E1EAF82C9205}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{107C204E-32A7-4928-9875-B1E81BD4A962}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{156E0EBE-666E-4581-9ECC-17CAE4C8DB83}C:\program files\darkfall\lobby.exe" = protocol=6 | dir=in | app=c:\program files\darkfall\lobby.exe | 
"TCP Query User{1726EC80-F47A-4AEE-B1B3-8934D95A7BC6}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{1B6834E3-0F54-402E-8ED4-F1FB12219017}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"TCP Query User{4C9B8B5E-37EB-463A-B3EA-E7900FDF520B}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{4D56A8FA-56A3-4CCB-9055-15A5B283184A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{507478A9-9FEE-4D82-8418-768007198DA9}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{5C1E66C3-91F0-417B-89CB-A799BDB9FD77}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"TCP Query User{709664DD-A358-49D1-A5B2-31062DAA5F6A}C:\program files\icqlite\icq.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icq.exe | 
"TCP Query User{7A6CC43B-54BA-49DF-A8E5-7F7A2A779D97}C:\program files\xfire\dppm_source.exe" = protocol=6 | dir=in | app=c:\program files\xfire\dppm_source.exe | 
"TCP Query User{8AC00333-10B8-4A3A-8797-2078030C9FB8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{93658077-6190-494D-B30E-0BCF88FB5774}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{A14D1F0C-1FB9-41E3-A84C-996F335DFB33}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{A7C71B1E-3E47-4CEA-99B6-C3DC086C4388}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{AD969AD1-3C40-4EB9-9597-E51321C6615C}C:\program files\icqlite\icq.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icq.exe | 
"TCP Query User{BA43394C-8062-4407-AE19-17BA0418C9BA}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{CB603192-1687-43F6-B98D-A0FBC9346745}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{D3C2287D-E198-40B0-ACF0-229CE34D98D1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{E646F0DA-39F6-4733-95C8-BF3D81F120D8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{FF7FF774-880A-4A96-9B08-5F482F5D11E2}C:\program files\darkfall\data\sfbrowser.exe" = protocol=6 | dir=in | app=c:\program files\darkfall\data\sfbrowser.exe | 
"UDP Query User{05E828C9-827A-4BC6-9037-1BF5CA8F8A47}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{0669F47F-0992-48D0-808B-A6668C269424}C:\program files\darkfall\lobby.exe" = protocol=17 | dir=in | app=c:\program files\darkfall\lobby.exe | 
"UDP Query User{133FF0D8-F9E2-46F4-8059-4F9E72BA5511}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{20708FDC-81C7-443E-9E14-66AACD28EF2C}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"UDP Query User{28E9BE02-C02D-435C-8E43-697F70C6BC26}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{2F831123-1553-4399-AD89-41C8C0F1B55B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{3295876F-85A4-4B80-945F-5FABC0E8342E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{80D45623-27B1-42DA-AAB4-D24BB60C1DDC}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{8464E879-8DA9-456A-A53D-B4A5268FDF25}C:\program files\darkfall\data\sfbrowser.exe" = protocol=17 | dir=in | app=c:\program files\darkfall\data\sfbrowser.exe | 
"UDP Query User{9B4DCBE1-6C5A-4816-BA5F-EF7C27E7B5B1}C:\program files\icqlite\icq.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icq.exe | 
"UDP Query User{B0C706F3-0567-4679-9301-FEEF5BB19664}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{BD0FF8E1-CE28-46EB-B531-76B04DEA8A90}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C1D2D327-6772-4C5B-93B5-06A75C070F4B}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{CA6F13DC-5D00-4D51-AAFB-CD210BB9996C}C:\program files\xfire\dppm_source.exe" = protocol=17 | dir=in | app=c:\program files\xfire\dppm_source.exe | 
"UDP Query User{CF0FB5B9-90E9-45BF-90B8-071052871555}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{E4C80630-D909-49EA-B7F5-EF08B3E9C80D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{E60BBEF9-655F-4D91-8A4B-08BA0CFC04FA}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{E6601A14-0B0E-4D19-B973-2492C449467A}C:\program files\icqlite\icq.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icq.exe | 
"UDP Query User{E68CAF78-2C24-4B6C-AE6A-E49B48C1AF99}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"UDP Query User{F6E7F387-BF78-4EEC-9F17-CDB145C7A530}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E323ECF-FA5B-454A-B79C-508419AC2538}" = Livestream Procaster
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CB1BFD3-82B0-4C3E-A586-0A5472158E9E}" = Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"BatchRenamer" = Batch Renamer 2.1.1 (uninstall)
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Glitchy's Model Editing Suite_is1" = Glitchys MES
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"I8kfanGUI" = I8kfanGUI V3.1
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Security Task Manager" = Security Task Manager 1.7h
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"5f48e2ab41c5d005" = RapidShare Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1 
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 15.12.2009 13:46:47 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 15.12.2009 13:46:47 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 15.12.2009 13:47:07 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
[ System Events ]
Error - 16.12.2009 08:15:32 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 16.12.2009 08:47:24 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 16.12.2009 08:48:44 | Computer Name = Vincenzo-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.14 für die Netzwerkkarte mit der Netzwerkadresse
 0019D27C7B31 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 16.12.2009 08:59:35 | Computer Name = Vincenzo-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.14 für die Netzwerkkarte mit der Netzwerkadresse
 0019D27C7B31 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 16.12.2009 11:42:46 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2009 11:45:29 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

16.12.2009, 17:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run The Avenger.

Preparation:
a) Deactivate your virus scanner's background guard.
b) Unplug all external storage media from the computer.


Then:

1.) Download Avenger from here as gehweg.exe => File-Upload.net - gehweg.exe to your desktop

2.) Double-click the file "gehweg.exe" to run it (on Vista: right-click => Run as administrator). Set the checkboxes at the bottom as shown:



3.) Copy exactly the lines from the following code field:
Code:
files to delete:
c:\windows\System32\Drivers\spbg.sys

folders to delete:
C:\Windows\MRLH
         
4.) In "The Avenger", go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post here should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" prompt (system restart).

7.) After the restart, a log file from Avenger is displayed. Copy its contents and post them here.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

16.12.2009, 21:56   #9
Averen

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "c:\windows\System32\Drivers\spbg.sys" not found!
Deletion of file "c:\windows\System32\Drivers\spbg.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Windows\MRLH" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
         

That's what it spat out!
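
A helper reading such a log needs to know, for each script target, whether it was removed, was already gone, or could not be removed. The sketch below is an added example (not part of the thread and not code from The Avenger's author) that pairs the script from post #8 with the log from post #9; the outcome labels are this example's own, and the `File "..." deleted successfully.` pattern is assumed to mirror the folder line in the log.

```python
import re

# Script and log lines are copied from the posts above.
SCRIPT = r'''files to delete:
c:\windows\System32\Drivers\spbg.sys
folders to delete:
C:\Windows\MRLH
'''
LOG = r'''Error:  file "c:\windows\System32\Drivers\spbg.sys" not found!
Deletion of file "c:\windows\System32\Drivers\spbg.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
Folder "C:\Windows\MRLH" deleted successfully.
Completed script processing.
'''

# Assumption: the 'File "..." deleted successfully.' form mirrors the folder line.
DELETED = re.compile(r'^(?:File|Folder) "([^"]+)" deleted successfully\.', re.I)
FAILED = re.compile(r'^Deletion of (?:file|folder) "([^"]+)" failed!', re.I)
STATUS = re.compile(r'^Status:\s*(0x[0-9a-f]+)\s*\((\w+)\)', re.I)


def script_targets(script):
    """Return the paths listed under the '... to delete:' headers."""
    targets, in_section = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.endswith(':'):
            in_section = line.lower().endswith('to delete:')
        elif line and in_section:
            targets.append(line)
    return targets


def review(script, log):
    """Map each script target to deleted / absent / failed / unreported."""
    outcome, last_failed = {}, None
    for line in (l.strip() for l in log.splitlines()):
        if m := DELETED.match(line):
            outcome[m.group(1).lower()] = ('deleted', None)
        elif m := FAILED.match(line):
            last_failed = m.group(1).lower()
            outcome[last_failed] = ('failed', None)
        elif (m := STATUS.match(line)) and last_failed:
            # A missing object means there was nothing left to remove;
            # any other NTSTATUS is a real failure that needs follow-up.
            missing = m.group(2) == 'STATUS_OBJECT_NAME_NOT_FOUND'
            outcome[last_failed] = ('absent' if missing else 'failed', m.group(1))
            last_failed = None
    return {
        # A log without this line was cut off before the script finished.
        'completed': 'Completed script processing.' in log,
        # Windows paths are case-insensitive, so compare in lower case.
        'targets': {t: outcome.get(t.lower(), ('unreported', None))
                    for t in script_targets(script)},
    }
```

For this thread, `spbg.sys` comes back as `absent` and `C:\Windows\MRLH` as `deleted`; `absent` only says the file was not there when the script ran.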

17.12.2009, 09:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If you also have AntiVir installed, you should use only that one and uninstall Symantec/Norton AntiVir! Several virus scanners with background scanners are not exactly good for the system.

After that, run another scan with AntiVir using aggressive settings.

17.12.2009, 17:09   #11
Averen

OK, I'll let it run through tonight. Thanks!
