| |
| |||||||
Log-Analyse und Auswertung: Probleme mit unbekannten Dateien (trojaner?)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
09.08.2010, 16:14
| #1 |
| |  Probleme mit unbekannten Dateien (trojaner?) Hallo Liebes Trojaner-Board Team, wie soll ich ich sagen, aber ich glaube ich habe hier einen Notfall. Als mein Bruder am PC war hat er iwie son Fake Antivir eingefangen von Soft iwas, was diverse Probleme verursacht hat. Durch zufall konnte ich es zum abstürzen bringen und löschen. Nach einem Malwarebytes Scan hab ich auch diverse Trojaner aufm rechner gehabt die ich auch gelöscht habe. Desweiteren hatte ich 2x backdoor.bot welche siche nun in quarantäne befinden. Danach schien eine weile alles gut zu gehen, dann habe ich einfach so noch mal hijack durchlaufen lassen und dateien gefunden die ich nicht kenne. Google konnte mir leider nicht weiter helfen. Probleme die auftreten: -Kann nicht auf meine mails zugreifen, da mir gesagt wird das ich von wo anders noch mit der mail angemeldet bin. Logt sicht aber ein freund von mir mit meiner mail ein, kann er problemlos auf die emails zugreifen, auch wenn ich noch angemeldet bin. -Malwarebytes lässt sich nicht aktualisieren, normale updates (win) funktionieren einwandfrei. -Bei Online Spielen hab ich oft das Problem das die Server nicht antworten (liegt auf jedenfall bei mir das prob). Ich weiß das das ne handvoll probleme sind, und ich habs nur dazu geschrieben, falls man daraus eine art muster erkennen kann. Hijackthis: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:34, on 09.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\Razer\Lycosa\razerhid.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Windows\ehome\ehtray.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Razer\Lycosa\razertra.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: NETGEAR WG111v3 Setup-Assistent.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 6977 bytes Malwarebytes läuft grade noch durch, wird aber wieder ohne befund sein. Log kann ich später anhängen. Programme die ich für meine Sicherheit nutze: Avast Antivir (die gratis version, funktioniert aber meines erachtens nach sehr gut) Malwarebytes(wie gesagt lässt sicht iwie nich mehr aktualisieren) Ccleaner Glary Utilities Pro Danke im Voraus! Hier der Malwarebytes Scan: Malwarebytes' Anti-Malware 1.41 Datenbank Version: 3023 Windows 6.0.6002 Service Pack 2 09.08.2010 17:53:37 mbam-log-2010-08-09 (17-53-37).txt Scan-Methode: Vollständiger Scan (C:\|J:\|) Durchsuchte Objekte: 284505 Laufzeit: 1 hour(s), 19 minute(s), 53 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Geändert von notfall (09.08.2010 um 16:58 Uhr) |
|
09.08.2010, 19:17
| #2 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Probleme mit unbekannten Dateien (trojaner?)Zitat:
Zitat:
 Zitat:
__________________ |
|
09.08.2010, 20:00
| #3 |
| | Probleme mit unbekannten Dateien (trojaner?) Zu dem Log mit den Befunden:
__________________- Das ist nun gut nen Monat her und ich hab echt Kp wo der log ist  (.Hatte zu der Zeit kein Inet und dachte nachdem ich die Trojaner entfernt hatte ist alles wieder gut. Die Probleme treten halt seit ca ner Woche auf seitdem ich wieder mim netz verbunden bin. Ich hab mal das mit dem manuellen Malwarebytes Update versucht, leider startet es nun nicht mehr und klatscht mir nen errorcode 730 (0,0) vor die Stirn. Werd mal googeln und schaun was ich da machen kann. |
|
09.08.2010, 20:07
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit unbekannten Dateien (trojaner?) Hm, normalerweise im Programm selbst unter Scan-Berichte/Logdateien. Wenns nicht mehr startet => http://www.trojaner-board.de/82699-m...tet-nicht.html Einfach die mbam.exe in mbam.com umbenennen und diese dnn mal doppelklicken
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.08.2010, 20:35
| #5 |
| | Probleme mit unbekannten Dateien (trojaner?) Habe Malwarebytes mal deinstalled und neu runtergeladen, und siehe da er updated :P Lasse grad nochmal durchlaufen. Die logs find ich allerdings nicht, im mwb ordner ist nur nen weiterer ordner namens language und paar andere dateien. Da mein System warum auch immer mehrere ordner bei dem installieren erstellt hab ich mal alle durchgeguckt, nix... Noch ne frage nebenbei, ist das normal das ich mich alle 30 sek neu hier einloggen muss? xP Und wäre echt cool wenn jemand was zum hijack log sagen könnte, die rot makierten einträge machen mir besonders viele sorgen, da ich die noch nie vorher gesehen habe! Danke im voraus. MwB log wird wieder nach beendigung des scans gepostet. |
|
09.08.2010, 21:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit unbekannten Dateien (trojaner?) Hijackthis-Logs kannst Du vergessen für heutige Analysen. Mach bitte erstmal den Vollscan mit Malwarebytes mit der aktuellen Versionen und aktuellen Signaturen!!
__________________ --> Probleme mit unbekannten Dateien (trojaner?) |
|
09.08.2010, 21:55
| #7 |
| | Probleme mit unbekannten Dateien (trojaner?) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4411 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 09.08.2010 22:52:15 mbam-log-2010-08-09 (22-52-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|J:\|) Durchsuchte Objekte: 299530 Laufzeit: 1 Stunde(n), 37 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Neue version und zum glück was gefunden  .Ich denke mal den kann ich problemlos kicken oder?^^ Stellt sich noch die frage was mit den dateien im HijackThis log ist. Danke im voraus für jede antwort! |
|
09.08.2010, 22:21
| #8 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit unbekannten Dateien (trojaner?)Zitat:
Zitat:
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.08.2010, 22:42
| #9 |
| | Probleme mit unbekannten Dateien (trojaner?) OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.08.2010 23:30:10 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 46,56 Gb Free Space | 26,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 45,22 Gb Total Space | 45,13 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
Drive K: | 539,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E5722B1-A331-4DE7-A5E6-6029D3917E27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6990643F-5E3B-469D-876D-00345AFC49A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9301465E-9938-4E66-B10A-8B57DC51DD9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD85F1E7-2360-4F6C-918A-CB8C2E2C7E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0376F33C-FE47-48B7-89DF-F59A3318138E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{068E0DFC-A40F-4C6E-92BE-622753F11989}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{096CBF99-B365-46A5-81C2-52032F99419E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{0C692DBF-683A-4A07-8924-0F694E423F68}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{1015EBDF-8ABE-4BE8-8D16-554662F1CD50}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{1728350A-E89A-4C94-AB5F-359E98FEB8E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kev1804142\counter-strike\hl.exe |
"{1A4340FE-90E2-4122-9422-B9365959E609}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{1E0D4055-7835-481E-832E-8D733CB960F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe |
"{2E448F65-DC40-43DF-97B3-F75F274FC1B1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{457DDDB4-0E92-4787-BBC2-CE83CF2FA993}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{5F3210FB-B388-478E-99E7-EB474E1325F0}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{5F3A70AD-4A9A-4175-9E1D-A0E77D632D5A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{601208A2-8655-430F-9AA3-4E1DA27B9439}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{60DF5E2F-7C44-487A-9C0A-637BDB86E28F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{653C4363-924D-4C09-BD08-3C4DECE88FD3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-engb-ptr-downloader.exe |
"{65D3DA6E-BA5A-41F7-8BAA-8A7895016C0B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe |
"{89317D37-D4DA-48E7-9C99-7999DBAB1EBB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{8AEC75A1-9247-4853-86DB-035ED4FE9BA7}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{92BDA403-5FB5-4080-86F2-0521976CE0AD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{99B37F61-A9E5-4259-A7B0-350229509D7E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A2A74962-6503-472B-9052-8941FA4EEF4D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A38F3336-98B9-4F95-BF68-EF7D9F76E55A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{B889802A-0418-49E9-BA3D-8C66313E3D1D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BFFE0891-EF33-45C3-A4EB-9862F9C26E5B}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{C3099A2D-1BFE-4F16-B012-C40E00FCDFD1}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C638B71B-D556-4F10-9A71-8BFAF5031193}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-engb-ptr-downloader.exe |
"{CA9E9D23-D2F7-4BC8-80E3-704D4108BB7B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D6C80550-3F37-48D8-846B-DCE01D676829}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-engb-ptr-downloader.exe |
"{DCF71FE4-C823-4E7B-819D-272F5197A287}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{DD30E25D-1438-4246-8599-0461EB75D82E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kev1804142\counter-strike\hl.exe |
"{E40852EE-92B5-4D51-8971-FB15A27915C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E946F265-4B33-49ED-BD16-369C8E341964}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-engb-ptr-downloader.exe |
"{EC5EA48C-EE66-41A4-99CC-144628DBFF2B}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{F04A8754-8E3C-421D-BECF-F9AFAB615233}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"TCP Query User{04CA41A8-DC3D-4BC9-9DA6-5EBA9042BFC3}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"TCP Query User{07516232-D4BB-485C-AF93-42BB274C29E1}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{08682804-FC7C-481F-9CC4-84130941519D}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{093F98AC-78B0-4116-94E7-2E912AA9FE80}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{0DB1F04D-F707-4039-BEA5-AD28410C4C2B}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"TCP Query User{117EF904-929D-4A7B-A2CD-AD9EDC7405E9}C:\users\kev\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe |
"TCP Query User{17DBFEFD-3C9B-4A60-82C9-24936E05D27A}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{1C7AB96D-BF49-4480-B043-46EEE63927F4}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{25DD9A7F-4165-4243-8BA7-DC58FBB10E57}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"TCP Query User{34298AEF-5112-402B-BCE4-4517FF6950DF}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe |
"TCP Query User{3583640C-DB7C-48DE-A07A-57E88074FFF1}C:\program files\steam\steamapps\genius209\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\genius209\counter-strike\hl.exe |
"TCP Query User{4A1C705A-F089-4725-BB6D-5B001EE8EBF2}C:\users\kev\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\kev\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{4A55599B-17C0-4BA8-81F9-7367ED32B82B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{59095997-12EA-4826-AF04-CE4A46F961CA}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{642923A4-3C68-45DE-A8CB-0B6954D1F53C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{78845424-45C2-4C59-B6F7-4EDF722BA3B8}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{8BB577AE-132F-4613-BCC5-197EF7B517D1}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe |
"TCP Query User{8C4A6825-49DC-4B4C-BBD2-58B2E7F81283}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |
"TCP Query User{8E499C18-6114-4870-AEB2-5A70250BA4E8}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8EA266EF-FFF9-4335-8900-790F723DD36B}K:\d-link.exe" = protocol=6 | dir=in | app=k:\d-link.exe |
"TCP Query User{9CA9A8C1-01B7-4667-90F4-CA783203E39A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{A3A88A0C-E777-437D-91CA-C1E2C9EE3C87}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe |
"TCP Query User{A8DB9275-1012-4569-B106-434B655402D7}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"TCP Query User{A938BE27-CBC7-4F63-B049-4F13BF95C53D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{AD046F74-929B-4D28-AB06-63619A0985BA}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe |
"TCP Query User{B327CA75-D4FF-46C8-99E9-F5B0EEDC7318}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe |
"TCP Query User{B80F5D9C-ED9E-4D59-842A-9AD0DAC354EB}C:\users\kev\desktop\vba link\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\vba link\visualboyadvance.exe |
"TCP Query User{C35B2E5B-CE6E-4114-BD4A-DB774DFA8B4C}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{D8F7E071-404B-4560-B688-D6CA742E728C}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe |
"TCP Query User{DFA2A831-7665-48B5-B5C3-D2E542308784}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"TCP Query User{F6C09E79-39DB-4A4A-88D7-7752C3890416}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{FE697B05-B916-49EB-9AA5-943C962A0ADC}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe |
"TCP Query User{FEC6DDB6-B953-4743-ABD3-753C1041FBBD}C:\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\diablo ii\game.exe |
"TCP Query User{FED69D51-69BE-4F7D-9A72-1CA3FBCE2937}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe |
"UDP Query User{00884650-1030-4275-97B1-2AA502D68414}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe |
"UDP Query User{0E8FE509-AB4F-4CEC-B002-D1DFB02BE8E6}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{11BF1DB2-425D-4E06-9BD2-F26BC314E9B6}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe |
"UDP Query User{158BF257-5E9F-4E18-8C79-E103EBEFDEE3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{19825F39-6500-448D-942D-6C8D355CEF2D}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{1B2A1BBB-2C48-4A53-A469-86AF6A5A1A6F}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"UDP Query User{2019E1BB-5DDF-4E57-AACC-C3C248DE2BE9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{225E39EB-B143-44A9-B3DD-D6C8AED874F4}C:\users\kev\desktop\vba link\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\vba link\visualboyadvance.exe |
"UDP Query User{249C3354-0724-4EB4-9D5A-FC7140803CBB}C:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe |
"UDP Query User{24C4454B-00A4-455D-8363-268D845720D5}C:\program files\steam\steamapps\genius209\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\genius209\counter-strike\hl.exe |
"UDP Query User{2BA05799-3D84-4332-9A07-723150930EA1}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{476D7E4E-F7BC-4F2F-BC81-049581407CF8}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch\wowtest\wow-0.3.0.7468-to-0.3.0.7485-dede-downloader.exe |
"UDP Query User{4C898DDD-6952-41BC-B89C-CCE254F3CC82}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{5050883E-54A4-4161-8995-708E618DB2FF}K:\d-link.exe" = protocol=17 | dir=in | app=k:\d-link.exe |
"UDP Query User{51BF6D27-0A6C-4C82-A0C0-25732ED796DB}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |
"UDP Query User{55CC75CD-E1F8-4C78-9CAB-68078969168B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{565CB796-844D-42D6-B379-B3CB11000270}C:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"UDP Query User{68678668-B29C-4BC8-9F35-A45314A28CC4}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe |
"UDP Query User{6D23A8FE-F3FD-414D-B5DA-B5633F234257}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7E45E226-6A24-4C5C-8224-5C4652A87C31}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"UDP Query User{8AA8E442-614A-4E6A-9CB9-BD8BF0710C3A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{ABF958A7-8FCA-4919-84A0-459384B3179D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{B4DD7543-922D-4810-8CDF-3C400C36B629}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{B50D5E0C-37DB-4AFE-A60D-12D32D259953}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe |
"UDP Query User{CD9A2B9A-9523-4AD7-BD6A-B1B931DD10FE}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"UDP Query User{D48D3390-5F48-486C-A85E-A87359264A24}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe |
"UDP Query User{DB9B4884-2F3C-439D-82B5-8CE397B8836A}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{DD321A9A-D04B-455A-BD73-D108456E7E94}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{DF30247D-BA01-4EE6-83B9-3A51B3FE1950}C:\users\kev\desktop\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\wow-language-pack-engb-downloader.exe |
"UDP Query User{E3BA0F97-11C3-4551-A25F-C852EC6C8403}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"UDP Query User{EE801708-885F-4F5F-806B-5512F52DE32A}C:\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\diablo ii\game.exe |
"UDP Query User{F1998FF4-7595-4197-8C7B-43D162F37D6A}C:\users\***\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\kev\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe |
"UDP Query User{F981C125-AEFB-4CA9-9F1E-59EC0847BBF9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{FEB522B5-F4F4-40AE-BC68-450F02A82AC2}C:\users\***\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\kev\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{0D7B7EFD-C8D8-85CE-D7AC-15CB76F745B8}" = ATI Catalyst Control Center Ex
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2995F172-E2F6-4D21-A8A0-090EBBA7E60D}" = OpenOffice.org 3.0 Beta
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D34D82E0-4600-407B-9478-8506C1DD1031}" = Nero 7 Essentials
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast!" = avast! Antivirus
"CABAL Online_is1" = CABAL Online
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"divx650vfw_is1" = DivX Pro 6.8.0 VFW
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Glary Utilities_is1" = Glary Utilities Pro 2.6
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Security Task Manager" = Security Task Manager 1.7h
"Steam App 10" = Counter-Strike
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bailamo" = bailamo
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 06.03.2010 12:13:57 | Computer Name = Kev-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kev\AppData\Roaming\skypePM\2010-03-06-2.ezlog failed, 00000005.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
--------------------------------------------------------------------------------------------- OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.08.2010 23:30:10 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Kev\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 173,99 Gb Total Space | 46,56 Gb Free Space | 26,76% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 45,22 Gb Total Space | 45,13 Gb Free Space | 99,80% Space Free | Partition Type: NTFS Drive K: | 539,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe () PRC - C:\Programme\Glary Utilities\memdefrag.exe (GlarySoft,Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) PRC - C:\Programme\Razer\Lycosa\razertra.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) PRC - C:\Programme\Razer\Copperhead\razerhid.exe () PRC - C:\Programme\Razer\Copperhead\razerofa.exe (Razer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. ) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. ) DRV - (LycoFltr) -- C:\Windows\System32\drivers\Lycosa.sys (Razer USA Ltd.) DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 0F 7F 40 C8 D9 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe (GlarySoft,Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell\AutoRun\command - "" = K:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.09 23:29:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2010.08.09 21:13:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.09 21:12:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.09 21:12:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.09 06:40:33 | 000,000,000 | ---D | C] -- C:\Neuer Ordner [2010.08.09 05:56:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.08 19:53:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam [2010.08.08 19:52:55 | 000,000,000 | ---D | C] -- C:\Programme\Steam [2010.07.31 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch ========== Files - Modified Within 30 Days ========== [2010.08.09 23:32:15 | 004,456,448 | -HS- | M] () -- C:\Users\Kev\ntuser.dat [2010.08.09 23:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83FBEBE3-B758-4CBA-9E8B-9742F07D78DF}.job [2010.08.09 23:29:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2010.08.09 23:08:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 23:08:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 22:47:08 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.09 21:14:22 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.09 21:14:22 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.09 21:14:22 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.09 21:14:22 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.09 21:14:22 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.09 21:13:03 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.09 21:09:53 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2010.08.09 21:09:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.09 21:08:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.08.09 21:08:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.09 21:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.09 21:08:16 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2010.08.09 21:07:41 | 000,524,288 | -HS- | M] () -- C:\Users\Kev\ntuser.dat{f50aed8c-f738-11dd-89e8-854b8ddf64c3}.TMContainer00000000000000000001.regtrans-ms [2010.08.09 21:07:41 | 000,065,536 | -HS- | M] () -- C:\Users\Kev\ntuser.dat{f50aed8c-f738-11dd-89e8-854b8ddf64c3}.TM.blf [2010.08.09 21:07:09 | 002,952,672 | -H-- | M] () -- C:\Users\Kev\AppData\Local\IconCache.db [2010.08.09 16:44:42 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DB38E93A-38EC-4070-B765-E95CCC581324}.job [2010.08.09 16:15:58 | 000,299,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.09 05:58:27 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.08 20:03:38 | 000,000,212 | ---- | M] () -- C:\Users\Kev\Desktop\Counter-Strike.url [2010.08.08 20:02:33 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.08.05 19:28:55 | 000,000,813 | ---- | M] () -- C:\Users\Kev\Desktop\World of Warcraft.lnk [2010.07.31 01:26:50 | 000,152,904 | ---- | M] () -- C:\Windows\System32\vghd.scr ========== Files Created - No Company Name ========== [2010.08.09 21:13:03 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.09 05:56:37 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.08 20:03:38 | 000,000,212 | ---- | C] () -- C:\Users\Kev\Desktop\Counter-Strike.url [2010.08.08 19:52:58 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.04.26 03:02:11 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys [2010.03.15 19:20:39 | 000,000,145 | ---- | C] () -- C:\Windows\Lilli.ini [2010.03.15 19:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\Lclin.ini [2009.09.11 02:41:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.23 20:36:55 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.07.23 20:36:53 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.07.20 15:17:12 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.20 15:17:06 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.07.20 15:04:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007.09.27 00:07:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.09.06 16:51:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.08.21 23:52:05 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini [2007.08.21 23:51:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.08.02 21:41:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2007.08.02 21:39:13 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2007.08.02 21:39:12 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2007.08.02 21:39:12 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2007.04.26 13:05:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2007.04.26 12:08:43 | 000,003,584 | ---- | C] () -- C:\Windows\NcDial.dll [2007.03.10 13:51:48 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2007.01.12 17:51:01 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2006.04.13 11:30:06 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll [2006.02.25 20:09:38 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > So da sind die logs Und zu den dateien in dem mwb ordner, es stimmt das ich vlt nich 100%ig weiß was ne logdatei ist, aber ich bin mir ziemlich sicher das dll exe und lizenz dateien nicht dazu gehören :P |
|
10.08.2010, 08:36
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit unbekannten Dateien (trojaner?) Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell\AutoRun\command - "" = K:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] ()
[2010.07.31 01:26:50 | 000,152,904 | ---- | M] () -- C:\Windows\System32\vghd.scr
@Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.08.2010, 12:58
| #11 |
| | Probleme mit unbekannten Dateien (trojaner?) All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! File move failed. K:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ not found. File move failed. K:\SETUP.EXE scheduled to be moved on reboot. C:\Windows\System32\vghd.scr moved successfully. ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully. ADS C:\ProgramData\TEMP FC5A2B2 deleted successfully.ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully. ADS C:\ProgramData\TEMP 1B5B4F1 deleted successfully.========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 186120 bytes ->Java cache emptied: 14182633 bytes ->FireFox cache emptied: 58793997 bytes ->Flash cache emptied: 38710 bytes User: Kev ->Temp folder emptied: 29730677 bytes ->Temporary Internet Files folder emptied: 2729442 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1148 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6980 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 101,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 08102010_134834 Files\Folders moved on Reboot... File move failed. K:\AUTORUN.INF scheduled to be moved on reboot. File move failed. K:\SETUP.EXE scheduled to be moved on reboot. File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
10.08.2010, 13:22
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit unbekannten Dateien (trojaner?) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.08.2010, 14:08
| #13 |
| | Probleme mit unbekannten Dateien (trojaner?) Combofix Logfile: Code:
ATTFilter ComboFix 10-08-09.03 - Kev 10.08.2010 14:44:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1233 [GMT 2:00]
ausgeführt von:: c:\users\Kev\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\system.txt
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-10 bis 2010-08-10 ))))))))))))))))))))))))))))))
.
2010-08-10 12:33 . 2010-08-10 12:33 -------- d-----w- c:\program files\CCleaner
2010-08-10 12:29 . 2010-08-10 12:29 -------- d-----w- c:\users\Kev\AppData\Roaming\Yahoo!
2010-08-10 12:29 . 2010-08-10 12:29 -------- d-----w- c:\program files\Yahoo!
2010-08-10 11:48 . 2010-08-10 11:48 -------- d-----w- C:\_OTL
2010-08-09 19:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 19:12 . 2010-08-09 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 19:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 04:40 . 2010-08-09 04:40 -------- d-----w- C:\Neuer Ordner
2010-08-08 17:53 . 2010-08-09 03:55 -------- d-----w- c:\program files\Common Files\Steam
2010-08-08 17:52 . 2010-08-10 12:19 -------- d-----w- c:\program files\Steam
2010-07-31 19:51 . 2010-07-31 19:51 -------- d-----w- c:\programdata\WindowsSearch
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 11:57 . 2006-11-02 15:33 628504 ----a-w- c:\windows\system32\perfh007.dat
2010-08-10 11:57 . 2006-11-02 15:33 126054 ----a-w- c:\windows\system32\perfc007.dat
2010-08-10 11:45 . 2007-04-27 06:13 -------- d-----w- c:\users\Kev\AppData\Roaming\Skype
2010-08-10 06:06 . 2010-01-10 17:02 -------- d-----w- c:\users\Kev\AppData\Roaming\skypePM
2010-08-09 03:58 . 2007-08-03 16:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 23:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-31 19:39 . 2009-01-16 19:16 -------- d-----w- c:\users\Kev\AppData\Roaming\Samsung
2010-07-30 23:26 . 2010-04-26 01:02 -------- d-----w- c:\program files\vghd
2010-07-14 00:08 . 2010-04-17 13:31 -------- d-----w- c:\program files\Conduit
2010-07-05 20:32 . 2009-08-16 23:54 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-06-26 01:03 . 2010-06-26 01:03 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 22:14 . 2007-04-25 16:54 1356 ----a-w- c:\users\Kev\AppData\Local\d3d9caps.dat
2010-06-17 21:40 . 2007-04-25 15:27 71256 ----a-w- c:\users\Kev\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-14 11:49 . 2010-06-14 11:49 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-06-13 21:18 . 2010-06-13 21:18 -------- d-----w- c:\program files\Gameforge4D
2010-05-26 17:06 . 2010-06-11 15:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 15:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 07:48 . 2010-05-20 14:11 145 --s-a-w- c:\users\Kev\AppData\Local\3390726344.dat
2010-05-21 12:14 . 2009-10-03 00:29 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 14:11 . 2010-05-20 14:11 4 ----a-w- c:\users\Kev\AppData\Roaming\ofubwi.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2008-03-05 92160]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-08 1238352]
"New Application"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2109440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):df,63,38,85,10,55,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-12-28 289280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;avast! Self Protection; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2010-03-15 108768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2007-09-27 21888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-08-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-06 09:08]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:26]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 19:26]
2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{83FBEBE3-B758-4CBA-9E8B-9742F07D78DF}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
2010-08-09 c:\windows\Tasks\User_Feed_Synchronization-{DB38E93A-38EC-4070-B765-E95CCC581324}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\wpclsp.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
**************************************************************************
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-10 14:56:31
ComboFix-quarantined-files.txt 2010-08-10 12:56
Vor Suchlauf: 25 Verzeichnis(se), 49.981.886.464 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 49.920.520.192 Bytes frei
- - End Of File - - A3F7713051C8FA1C9516E59C134D91F2
|
|
10.08.2010, 14:36
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit unbekannten Dateien (trojaner?) Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.08.2010, 15:24
| #15 |
| | Probleme mit unbekannten Dateien (trojaner?) Beim ausführen von GMER: Problemsignatur: Problemereignisname: BlueScreen Betriebsystemversion: 6.0.6002.2.2.0.768.3 Gebietsschema-ID: 1031 Zusatzinformationen zum Problem: BCCode: 1000008e BCP1: C0000005 BCP2: 82659D95 BCP3: AA8F1A54 BCP4: 00000000 OS Version: 6_0_6002 Service Pack: 2_0 Product: 768_1 Dateien, die bei der Beschreibung des Problems hilfreich sind: C:\Windows\Minidump\Mini081010-02.dmp C:\Users\Kev\AppData\Local\temp\WER-48656-0.sysdata.xml C:\Users\Kev\AppData\Local\temp\WER1E12.tmp.version.txt Osam log wird über den Browser geöffnet, wie poste ich den am besten? Bootkit remover lasse ich nun durchlaufen. |
|
| Themen zu Probleme mit unbekannten Dateien (trojaner?) |
| abstürzen, adobe, antivir, antivirus, avast, avast!, bho, defender, google, hijack, internet, internet explorer, memory optimizer, netgear, object, ohne befund, plug-in, rundll, scan, server, sicherheit, software, spielen, symantec, system, trojaner, trojaner-board, trojaner?, unknown file in winsock lsp, updates, vista, windows |
Linear-Darstellung
