| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: winhelp.exe TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.08.2010, 20:34
| #1 |
 |  winhelp.exe Trojaner Hallo liebe Forenmitglieder, ich habe seit heute das Problem das mein Browser (Firefox) stark laagt und ich ein paar mal von einer normalen Internetadresse auf diese h**p://allxxx.tk/new/index.php weitergeleitet wurde. Antivir meldete mir den Trojaner "appdata\local\windows\winhelp.exe" der nach löschen einfach neu erstellt wurde. Ich hoffe auf schnelle Hilfe von Euch. Systemless Anbei noch ein HijackThis Log: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:29:44, on 16.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Users\***\WindowHidie.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\conime.exe C:\Windows\System32\mobsync.exe C:\Windows\System32\cmd.exe C:\Windows\explorer.exe C:\Windows\system32\Taskmgr.exe C:\Users\***\Downloads\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Window Hidie] C:\Users\***\WindowHidie.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\***\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file) O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file) O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - hxxp://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - hxxp://download.speakyweb.com/speakyldr.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - h**ps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} (pmpeg4cam Class) - hxxp://193.138.213.160/MpegInst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5741BBCB-D570-41E7-978A-8A9687E52169}: NameServer = 10.4.56.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: B-Service - Unknown owner - C:\Users\***\AppData\Roaming\Mikogo\B-Service.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 15413 bytes [/code] So nach einem Scan mit Malwarebytes Anti-Malware sieht es so aus als hätte ich mich mit Bifrose infiziert. Hier die VirusTotal-Links der Gefundenen Dateien: (ich weiß nicht wieso aber egal welche Einstellung ich nehme die Links werden immer umgwandelt) analyzethis.dll: hxxp://www.virustotal.com/file-scan/report.html?id=e44c5e40c32a95fb76c9363aace54d690ec5a42cf970e11fe317442190b78234-1282044565 load[1].exe: hxxp://www.virustotal.com/file-scan/report.html?id=f11ea495621dab0a45e400379e6d581cb95d27ca752a1f2b100fc05570d7fe86-1282045141 winhelp.exe: hxxp://www.virustotal.com/file-scan/report.html?id=f11ea495621dab0a45e400379e6d581cb95d27ca752a1f2b100fc05570d7fe86-1282045282 memory.tmp: hxxp://www.virustotal.com/file-scan/report.html?id=f11ea495621dab0a45e400379e6d581cb95d27ca752a1f2b100fc05570d7fe86-1282045487 ado1.dll: hxxp://www.virustotal.com/file-scan/report.html?id=f5774c1a9da2fa8e8c39a8c9df09688830af101d51abb0a87cd7b816806f636a-1282045609 Anbei das Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4439
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
17.08.2010 13:21:10
mbam-log-2010-08-17 (13-21-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 422094
Laufzeit: 2 Stunde(n), 15 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\bifrost1.2 (Bifrose.Trace) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6D0DZNX\load[1].exe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Windows\winhelp.exe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Trojan.Dropper) -> No action taken.
C:\Users\***\Desktop\cracktuts\RFN\cRz_34 - UnPacking_MoleBoxPro_2.6_(ohne extra Dateien)\OllyPlugins\analyzethis.dll (Malware.Packer) -> No action taken.
C:\Program Files\Common Files\System\ado1.dll (Trojan.BHO) -> No action taken.
otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.08.2010 14:02:38 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\***\Desktop\VirusOrdner\Bekämpfung Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 24,00% Memory free 3,00 Gb Paging File | 0,00 Gb Available in Paging File | 10,00% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 175,77 Gb Total Space | 34,09 Gb Free Space | 19,39% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\VirusOrdner\Bekämpfung\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation) PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe () PRC - C:\Users\***\WindowHidie.exe (Xigga) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Program Files\Razer\Copperhead\razerofa.exe (Razer Inc.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files\Razer\Copperhead\razerhid.exe () ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\VirusOrdner\Bekämpfung\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (B-Service) -- C:\Users\***\AppData\Roaming\Mikogo\B-Service.exe () SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe () SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (TeamViewer) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (NSNDIS5) -- C:\Windows\System32\NSNDIS5.SYS File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (hidusbf) -- C:\Windows\System32\drivers\hidusbf.sys (SweetLow) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (HssDrv) -- C:\Windows\System32\drivers\hssdrv.sys (AnchorFree Inc.) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (UsbFltr) -- C:\Windows\System32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (mbmiodrvr) -- C:\Windows\System32\mbmiodrvr.sys (cansoft@livewiredev.com) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.2.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.4.5 FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.69.1 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0 FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6 FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.6 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3 FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.3 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2 FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: aboutme@test.mozilla.com:0.4.1 FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2 FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.0.2 FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo FF - prefs.js..extensions.enabledItems: ServerSpy@jacquet.eu.org:0.1.6 FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.5 FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3 FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1 FF - prefs.js..extensions.enabledItems: dnscache@dominik.jungowski:1.6 FF - prefs.js..extensions.enabledItems: wappalyzer@crunchlabz.com:1.9.2 FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.10 FF - prefs.js..extensions.enabledItems: {03651b2d-eb7d-4be7-af1b-dc0cd162dd54}:0.8.1 FF - prefs.js..extensions.enabledItems: isadmin@vdtsoftware.ffext:2.2 FF - prefs.js..extensions.enabledItems: flashbug@coursevector.com:1.6.3 FF - prefs.js..extensions.enabledItems: gspeed@wobot.org:1.1 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.15 13:54:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 10:58:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 10:58:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 10:58:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 10:58:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.07.10 23:21:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.13 23:32:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.13 23:32:44 | 000,000,000 | ---D | M] [2008.06.19 15:43:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.17 10:35:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions [2010.04.14 16:28:28 | 000,000,000 | ---D | M] (ErrorZilla Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{03651b2d-eb7d-4be7-af1b-dc0cd162dd54} [2010.01.22 22:10:03 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.07.06 22:28:20 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.08.06 13:04:43 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2010.04.13 23:23:03 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2009.11.11 13:32:28 | 000,000,000 | ---D | M] (RefControl) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A} [2009.12.17 17:29:25 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.02.03 14:43:40 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} [2010.08.06 13:04:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.04.13 23:23:01 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2010.04.22 22:48:47 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21} [2010.02.12 15:31:58 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2009.09.28 23:17:54 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010.02.12 15:31:57 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2010.06.28 16:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.09.04 21:31:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.07.11 20:40:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.06 13:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.07.21 17:43:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.04.10 00:27:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.09.28 23:17:59 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2010.04.13 23:35:16 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} [2010.07.21 17:44:18 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.03.20 14:52:57 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55} [2010.07.21 17:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4} [2010.01.09 00:13:33 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} [2009.09.29 19:44:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\aboutme@test.mozilla.com [2010.07.07 10:09:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\battlefieldheroespatcher@ea.com [2010.07.21 17:43:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\checkplaces@andyhalford.com [2010.04.14 16:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\dnscache@dominik.jungowski [2009.09.04 21:31:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\elemhidehelper@adblockplus.org [2010.03.20 14:52:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\FasterFox_Lite@BigRedBrent [2010.05.08 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\firebug@software.joehewitt.com [2010.03.20 14:52:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\firecookie@janodvarko.cz [2010.04.14 16:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\flashbug@coursevector.com [2010.04.14 16:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\gspeed@wobot.org [2010.04.14 16:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\isadmin@vdtsoftware.ffext [2010.03.07 00:41:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\locationbar2@design-noir.de [2010.04.14 16:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\mitm-me@andras.tim [2010.08.06 13:04:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\optout@dubfire.net [2010.04.13 00:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\ServerSpy@jacquet.eu.org [2010.03.20 14:52:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\SkipScreen@SkipScreen [2010.08.06 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\staged-xpis [2010.07.21 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\support@lastpass.com [2010.07.21 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\tabscope@xuldev.org [2010.08.04 16:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a2v173gm.default\extensions\wappalyzer@crunchlabz.com [2008.09.20 15:22:40 | 000,002,749 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\a2v173gm.default\searchplugins\cuil.xml [2010.08.14 20:44:23 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\a2v173gm.default\searchplugins\icqplugin.xml [2010.04.15 22:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.03.16 13:30:42 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.16 13:30:42 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.16 13:30:42 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.16 13:30:42 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.16 13:30:42 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe () O4 - HKLM..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe () O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [Window Hidie] C:\Users\***\WindowHidie.exe (Xigga) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\***\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\PrxerNsp.dll ( ) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PrxerDrv.dll (Initex Software) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ***pc ([]https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} hxxp://download.speakyweb.com/speakyldr.cab (Speaky Chat) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} hxxp://193.138.213.160/MpegInst.cab (pmpeg4cam Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8579a099-2b1e-11dd-bfce-001a80a47407}\Shell\AutoRun\command - "" = H:\init.bat -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.17 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\VirusOrdner [2010.08.17 01:02:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.17 01:02:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.17 01:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.17 01:02:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.17 01:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.15 15:06:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows [2010.08.15 15:06:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Server [2010.08.06 23:39:22 | 000,524,800 | ---- | C] (Dark-Lightning Studios) -- C:\Users\***\Desktop\WindowTimer.exe [2010.08.06 02:35:06 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32 [2010.08.05 01:04:58 | 000,000,000 | ---D | C] -- C:\Users\***\.jagex_cache_32 [2010.07.21 18:04:11 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll [2010.07.21 18:04:10 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll [2010.07.21 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton [2010.07.21 13:57:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kabelrechner (V1_4) [2010.07.20 14:26:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera [2010.07.20 14:26:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera [2010.07.20 14:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2009.03.02 21:10:36 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.17 14:02:53 | 005,242,880 | ---- | M] () -- C:\Users\***\ntuser.dat [2010.08.17 13:59:57 | 000,000,099 | ---- | M] () -- C:\Users\***\jagex_runescape_preferences2.dat [2010.08.17 13:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.17 12:35:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.17 12:35:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.17 12:30:21 | 000,048,982 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2010.08.17 12:04:14 | 000,000,051 | ---- | M] () -- C:\Users\***\jagex__preferences3.dat [2010.08.17 12:04:14 | 000,000,046 | ---- | M] () -- C:\Users\***\jagex_runescape_preferences.dat [2010.08.17 10:50:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.17 10:35:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.17 01:02:10 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.17 00:18:16 | 000,008,944 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.08.16 23:39:21 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.08.16 23:19:56 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.08.15 20:02:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.15 20:02:20 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2010.08.15 15:09:48 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010.08.06 02:28:20 | 000,000,764 | ---- | M] () -- C:\Users\***\Desktop\SwiftKit.lnk [2010.08.06 02:16:45 | 000,103,936 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.25 12:47:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.25 12:47:38 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{4a895e57-e270-11de-ad4c-bf261059db64}.TMContainer00000000000000000001.regtrans-ms [2010.07.25 12:47:38 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{4a895e57-e270-11de-ad4c-bf261059db64}.TM.blf [2010.07.25 12:47:29 | 004,552,269 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.24 23:15:25 | 000,018,752 | ---- | M] () -- C:\Users\***\Desktop\Gepaeckliste.de.mht.htm [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.17 01:02:10 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.06 02:28:20 | 000,000,764 | ---- | C] () -- C:\Users\***\Desktop\SwiftKit.lnk [2010.07.24 23:15:24 | 000,018,752 | ---- | C] () -- C:\Users\***\Desktop\Gepaeckliste.de.mht.htm [2010.07.20 14:26:41 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2010.07.18 18:01:10 | 000,402,944 | ---- | C] () -- C:\Users\***\Desktop\Interferenz.exe [2010.07.01 23:20:31 | 000,001,050 | ---- | C] () -- C:\Windows\APDFPRP.INI [2010.06.13 18:37:31 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2010.01.22 03:33:06 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2009.12.15 00:36:48 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2009.12.07 19:27:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.12 19:30:29 | 000,294,912 | ---- | C] () -- C:\Windows\System32\mbr_sqlite.dll [2009.10.16 22:44:30 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll [2009.09.09 15:44:13 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2009.08.25 23:02:18 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2009.08.22 17:53:37 | 000,000,087 | ---- | C] () -- C:\Users\***\AppData\Roaming\RSBot Accounts.ini [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.21 09:13:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.03.19 00:16:47 | 000,000,158 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss [2009.03.13 12:07:04 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.03.02 21:10:45 | 000,000,180 | ---- | C] () -- C:\Users\***\AppData\Roaming\Current.prx [2008.10.03 15:18:57 | 000,000,230 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.10.03 14:20:23 | 000,002,418 | ---- | C] () -- C:\Windows\Sandboxie.ini [2008.09.28 16:25:54 | 000,000,058 | ---- | C] () -- C:\Windows\my.ini [2008.09.28 13:17:59 | 000,046,312 | ---- | C] () -- C:\Windows\php.ini [2008.09.28 13:16:32 | 002,076,672 | ---- | C] () -- C:\Windows\System32\libmysql.dll [2008.06.17 20:04:11 | 000,000,052 | ---- | C] () -- C:\Users\***\AppData\Roaming\vispa.ini [2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.06.11 02:03:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.06.11 02:03:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.05.31 20:39:34 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.05.25 15:25:33 | 000,025,773 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.05.24 19:34:45 | 000,103,936 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.24 19:31:14 | 000,008,944 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.05.24 19:31:06 | 000,048,982 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.05.24 19:31:06 | 000,048,982 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.01.09 18:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2008.01.09 18:02:48 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2008.01.09 18:01:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll [2007.08.28 19:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.12.29 17:25:06 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mp4spvd.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.05.24 10:20:38 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2000.06.28 01:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0C1EFF69 < End of report > extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.08.2010 14:02:38 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Julian\Desktop\VirusOrdner\Bekämpfung
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 24,00% Memory free
3,00 Gb Paging File | 0,00 Gb Available in Paging File | 10,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 175,77 Gb Total Space | 34,09 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JULIANPC
Current User Name: Julian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3072177993-2518604005-2827483147-1000]
"EnableNotificationsRef" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\iTALC\ica.exe" = C:\Program Files\iTALC\ica.exe:*:Enabled:iTALC Client Application (ICA) -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097C2209-5060-4307-A52E-E7C6EA4BAE30}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A13C96B-3976-4F00-B30B-8BF8235AC5FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F75D195-A1D0-43A0-8B05-C89F1F563096}" = lport=139 | protocol=6 | dir=in | app=system |
"{66997B41-E8D3-44E2-A474-BFA757DB62FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{701C5C22-FA89-4DBE-B6AE-41BC050805CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70642DC3-8516-4763-BCB6-62D25461079D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E9C90B4-6D08-43EE-9250-3F0CEF0C4F8D}" = rport=138 | protocol=17 | dir=out | app=system |
"{803DD71C-3BE6-422D-8AB6-3237EAEA6394}" = rport=445 | protocol=6 | dir=out | app=system |
"{92A9483F-8642-4413-A765-C85A8F6114C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ADF33D7A-708E-4472-BF95-89C1F47ADCFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AE707804-43B2-4EA8-BDD8-B9584780B08E}" = lport=137 | protocol=17 | dir=in | app=system |
"{B2234BCB-FC44-4D90-A78A-4266ACA560F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA99A6A5-BFEB-4165-BC75-53258988287C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAE4B9C5-0F5C-47A3-8513-DDAB93B09A50}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE7B2310-9D6B-4760-98D0-01E4907AB56B}" = rport=139 | protocol=6 | dir=out | app=system |
"{E3D4DA4F-25D0-42AA-8A02-6311023BCC3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4B8BB18-9E96-49AB-9105-FAA6321F8C3D}" = rport=137 | protocol=17 | dir=out | app=system |
"{E94BECD1-7831-448F-94AB-4316C7AC1C49}" = lport=445 | protocol=6 | dir=in | app=system |
"{EED4D7D4-7F4D-4D3F-83C4-3C48085C2D23}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1B56F67-3C18-4EEC-9FD2-3FBB4B3248A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{F48C6F34-8821-462F-A57C-1BA7FF807E22}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128C10D-AFE4-4C63-9E31-2409CE13A6D4}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{017FBF47-4C08-442F-82EB-B70CF25FD24A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{03EB60E4-E588-4498-9FC2-07975719F2C6}" = protocol=6 | dir=out | app=system |
"{0DF62FE2-03EA-4BD0-9BE5-C180034C3370}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1400891A-453B-414C-81FF-8365E31C2C89}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{15F9D684-F166-4B1E-8C7D-599BBCF4B74C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1FD013F2-09C0-4E63-82FD-42F14CDB032C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2640F29C-7C71-4D27-B0BE-E3A3349EFF4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C1C74F9-556C-4AB7-91AF-43FB096CAB63}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2E1C1277-E398-44E5-BED1-6ED546AAF1B6}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{319850DB-A412-4EB2-BB93-6B302C3D15AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{329F6164-5252-447A-B7B1-B3C4E2DEB38A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A16FEA7-0CF8-4181-8ED2-E181303056EA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{426877E6-0848-4A56-8D3F-98388A9059BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45E02DFE-B75A-487A-8FDC-18E36AFA0872}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47A93E1B-8242-41B9-A7D3-47C740A1D1FD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4EE54AB9-64D8-4088-8026-EFFB2ABC7FC8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5359BE5D-9F13-40DF-AFBD-59782BE5A000}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{550BFBBD-146A-45A5-9C35-03107BC63F14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67B4DE82-6A95-4F45-A000-B64AF2A7C01F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{699E27D6-811F-4E51-936E-F192A39D25FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71A1E19E-F31B-4567-9713-5F5FD332B8C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7734E68B-0B74-4AFD-B88E-B29744610756}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E66D20C-658E-43F4-9381-BE7DA442F40E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{86A2CA44-0871-4AF0-8BEC-F57738CE7610}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{86B34F35-300E-403F-BF9B-52E87F7030EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AE71ADD-4840-4EF2-A376-1AD903B2D713}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B75C648-2807-4D29-8BCD-118D6F8CAE9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A202A113-645D-4680-81AF-5A04C91AB2F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3EF6311-F91B-456C-84CD-B4AEBF35D1F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE5613B0-DDA7-4093-B569-AD2ABF40168E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C128077A-6CCB-4557-A310-C7A1755DB6C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CB6877D5-854F-413A-B3DE-FB7776177383}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D3275182-59B6-4BEA-B3A4-56327315A2FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D71BB955-9866-404C-9273-23BF32993BAD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{DFD7EEC6-263D-4336-AA7C-3B43404913CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E2105212-F9D5-4315-8D13-63EC04C87B7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2E520F8-E1ED-46D6-B89F-B079908CE0C3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EBEDA206-EE6A-48FF-A015-AC05001C44C8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{EC316066-605E-40E4-88AC-15C94520CDDB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F1084597-D15D-48A8-AEA4-8AE83B824A89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F580399B-7F72-44FD-93B6-39F2AC05E60E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD921F73-0F48-4072-8504-9A0D6322D990}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{0354BF26-4B7A-4571-A85E-0CE4B2ED777E}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{03834A79-FDE1-44CC-BCD6-85A149B2F867}C:\users\julian\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
"TCP Query User{05C28294-03AC-4633-9648-220838C9709D}C:\users\julian\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\julian\downloads\utorrent.exe |
"TCP Query User{122F5F7F-0E17-4874-8151-EE2E82E1CED8}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{12D10C46-EC74-47FC-980E-CCE7A97CB7E6}C:\users\julian\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
"TCP Query User{13C7F99D-B207-422F-92F2-004EC723752A}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"TCP Query User{13F5C37D-9DBB-4A8F-AFE8-088BBEA400B0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{149504AE-59E9-4D2E-84A6-F1BAA371F77D}C:\windows\system32\svchospt.exe" = protocol=6 | dir=in | app=c:\windows\system32\svchospt.exe |
"TCP Query User{153707B9-019C-4A80-A49C-57E3C11405C7}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{15FF33E8-186A-42CF-BE99-C707252E9986}C:\users\julian\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
"TCP Query User{17D7F7BD-D5BC-40DD-9B71-47857725BA5B}C:\users\julian\downloads\rechner.exe" = protocol=6 | dir=in | app=c:\users\julian\downloads\rechner.exe |
"TCP Query User{27AC1A18-6FB7-4535-8CFA-7EF3A4B8012B}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{27D8C42B-D7E1-4CC6-895F-C870A3AA3105}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{2B28B5B5-AA75-44B5-ABFC-C1DCE9D8E0D4}C:\program files\netlogo 4.1\netlogo 4.1.exe" = protocol=6 | dir=in | app=c:\program files\netlogo 4.1\netlogo 4.1.exe |
"TCP Query User{2C743D3C-049F-4F0C-8F57-036EA80AF7B7}C:\users\julian\desktop\s.e\bifrost 1.2.1d\bifrost.exe" = protocol=6 | dir=in | app=c:\users\julian\desktop\s.e\bifrost 1.2.1d\bifrost.exe |
"TCP Query User{373E0337-B97A-431D-A7FE-C4A8BB6A185B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{3D38125B-638B-41DD-A45D-F7CFD471976D}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{40446B0F-2F75-498C-8552-C646B459BC28}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{41761503-503A-4BA5-9726-802A05F1C9EB}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"TCP Query User{44F1DA18-5F45-4119-8FF5-6239E737E2E3}H:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=h:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{4773E708-8CA5-4234-A592-63DC4E33247A}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"TCP Query User{5AA53710-9970-4B1F-BAA5-36998428BEB8}C:\users\julian\desktop\italc-1.0.9\ica.exe" = protocol=6 | dir=in | app=c:\users\julian\desktop\italc-1.0.9\ica.exe |
"TCP Query User{61DE4DC6-5B3F-4202-89A8-325AECA93538}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{627C6DC6-383C-41F5-B8D1-301C3E7CD704}C:\users\julian\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\julian\downloads\utorrent.exe |
"TCP Query User{6940CA00-64DA-4D7A-AC22-41E0CF7F880F}C:\program files\cheat engine\cheat engine server.exe" = protocol=6 | dir=in | app=c:\program files\cheat engine\cheat engine server.exe |
"TCP Query User{6D274962-5720-4BEA-BA85-99646F67CBF0}C:\program files\wolfenstein - server\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - server\et.exe |
"TCP Query User{700B499C-D86C-4FB6-A606-541965AA5C18}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{760B5A06-0E43-49D0-8D9E-6469A5A35637}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{89BFEDAE-6541-4D92-97EB-DFFD3AB7DA33}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{938870F3-58B6-4603-B7E6-19282CE9E8C6}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe |
"TCP Query User{9464D2C7-9647-4688-A085-ECB5210BA2BC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9B618858-B761-4E49-942C-092A0C9D11B3}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=6 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe |
"TCP Query User{9EA651C9-38A5-4873-82D7-F65429A91024}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{9FAFA3A9-1F66-4B12-BE1C-884F63DE61A2}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{A0F01D49-868D-4CDA-954B-69C424AE18B0}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe |
"TCP Query User{A4E66E0F-1C92-4B63-80B2-CBFF938B3252}H:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=h:\xampp\apache\bin\apache.exe |
"TCP Query User{AD2BE947-351A-47CB-9B94-600D3D4EFE70}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{AF7F5E64-41D9-433D-9DE1-B79AA649139D}C:\users\julian\temp\teamviewer3\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\julian\temp\teamviewer3\teamviewer.exe |
"TCP Query User{AFAC7F2A-6CE4-42D8-9038-CDE9C7E061B9}C:\program files\wolfenstein - server\etded.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - server\etded.exe |
"TCP Query User{BAE3480B-011E-4895-AB8A-CA1E47B5FE03}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{C30B2B2A-72B4-431C-B6FB-DF561A8364F7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C5CC926B-A6AB-467D-8DB8-7D76B926F705}H:\lol\portableapps\cain\cain.exe" = protocol=6 | dir=in | app=h:\lol\portableapps\cain\cain.exe |
"TCP Query User{C8C6B08B-EB3F-417A-A625-F32B34370EE1}C:\users\julian\desktop\burning sand\burningsand2.exe" = protocol=6 | dir=in | app=c:\users\julian\desktop\burning sand\burningsand2.exe |
"TCP Query User{CC22A3C7-20AC-41FA-81EE-F74D2297B3AD}C:\program files\enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\enemy territory\et.exe |
"TCP Query User{CD08E52E-79C0-435D-A41C-C6F223C9139A}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"TCP Query User{D3EB4CFE-7DD0-4794-99B7-5908022154A3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{D56A5CA1-9036-4C50-9812-75F75086DE30}C:\users\julian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\julian\program files\dna\btdna.exe |
"TCP Query User{DD768E60-9054-4D09-8990-D6A387C14108}C:\users\julian\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
"TCP Query User{E4C3E645-5698-4D16-948D-6B71A68A4AE0}C:\users\julian\desktop\rechner.exe" = protocol=6 | dir=in | app=c:\users\julian\desktop\rechner.exe |
"TCP Query User{EF758568-434E-48FD-9C67-E167C431CE7E}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{F0AEF9F5-3BE3-424E-BC32-7771BE9129A0}C:\program files\teamviewer3\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer3\teamviewer.exe |
"TCP Query User{F7817C14-1E51-4512-8863-46CCB0EE199B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F7DB51C3-0D16-41A5-9598-61B4DAD6F520}C:\windrop\eggdrop.exe" = protocol=6 | dir=in | app=c:\windrop\eggdrop.exe |
"TCP Query User{FE9B9D25-B367-43F3-8CE4-17529A7522F2}C:\users\julian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\julian\program files\dna\btdna.exe |
"UDP Query User{00F6A205-42AC-45F4-879C-D7289ADED7EC}C:\program files\teamviewer3\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer3\teamviewer.exe |
"UDP Query User{030FBD44-609A-40CF-AD54-116CEADA8A25}C:\program files\wolfenstein - server\etded.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - server\etded.exe |
"UDP Query User{0476AAEC-A611-4B6F-8C5A-616701BDAAEB}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{0E0508BA-CEB5-4311-AB4D-4EC9532B3ACB}C:\users\julian\desktop\burning sand\burningsand2.exe" = protocol=17 | dir=in | app=c:\users\julian\desktop\burning sand\burningsand2.exe |
"UDP Query User{1E034CE0-E396-4FE3-B65A-F2D15B3E44A3}C:\program files\enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\enemy territory\et.exe |
"UDP Query User{1F477991-13F3-44AD-B511-DCC0833962BE}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"UDP Query User{2354914B-4C07-4154-B134-78B6E6545A8E}C:\users\julian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\julian\program files\dna\btdna.exe |
"UDP Query User{2FA5AA53-5DAC-4C8D-B4D1-0716B2F88560}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{38813E22-E5C8-49DE-B3EB-211432E9FAE4}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{448BCCE3-EC4F-45AF-9317-86F47947C3EE}C:\users\julian\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\julian\downloads\utorrent.exe |
"UDP Query User{4A549B1C-CF10-404E-ADBD-BC772B0FFD8E}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"UDP Query User{4B102135-CEA6-4ADC-9A34-B7B1D74E1CA4}C:\users\julian\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
"UDP Query User{4D4217E7-A430-4E29-BCE6-2A7077EDC020}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{514C689A-FC3B-4873-9EC2-994596FBDFCC}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{52993478-3D69-4AA6-BCD1-1531B1F6B849}C:\users\julian\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
"UDP Query User{54164C38-3FE8-40F0-B67E-0882D8916631}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{5698165B-10FC-46A9-97F3-917E0345D715}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{5A7A0FD8-39A0-4183-B0D7-6EB1B3EAA72C}C:\users\julian\desktop\italc-1.0.9\ica.exe" = protocol=17 | dir=in | app=c:\users\julian\desktop\italc-1.0.9\ica.exe |
"UDP Query User{5AB3BEA5-50BD-4817-A971-1D169380BA83}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{60EDDDFD-0DC2-436F-B873-2EBEA67507EA}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{60FCB982-6338-4DD8-8625-FF159A2B53E7}H:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=h:\xampp\apache\bin\apache.exe |
"UDP Query User{68B639A6-0AB9-4702-882F-F9BD5C1F2CBB}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{6A48BFDA-B438-4238-B6C6-3B9E06355EC7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{6C56291E-B0A1-4F01-98CE-8DFC1252569D}H:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=h:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{6E2BEE80-D9A1-40FC-BD1C-F2027069EADA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6E503634-4561-4918-A5B4-38BA71B48851}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{734268C4-F599-4307-A4C3-95034A79C2C3}C:\users\julian\desktop\rechner.exe" = protocol=17 | dir=in | app=c:\users\julian\desktop\rechner.exe |
"UDP Query User{858302E3-A8A6-4B74-8D47-86A9E28E8904}C:\program files\cheat engine\cheat engine server.exe" = protocol=17 | dir=in | app=c:\program files\cheat engine\cheat engine server.exe |
"UDP Query User{91731AE2-D6C2-4408-B49E-849EA5B2C4CC}C:\windows\system32\svchospt.exe" = protocol=17 | dir=in | app=c:\windows\system32\svchospt.exe |
"UDP Query User{9DEB289C-D6F7-4C8D-BCFF-1E741F5DBE7C}C:\users\julian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\julian\program files\dna\btdna.exe |
"UDP Query User{A51522F2-9031-4B26-B067-FF9E3061BC3F}C:\users\julian\downloads\rechner.exe" = protocol=17 | dir=in | app=c:\users\julian\downloads\rechner.exe |
"UDP Query User{AF9AB2B9-CBE5-4C08-B989-8D00375840F0}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{B01C2B9B-D21A-4B76-8D28-366830DD9E18}C:\windrop\eggdrop.exe" = protocol=17 | dir=in | app=c:\windrop\eggdrop.exe |
"UDP Query User{B19048EF-62F8-4375-A0C2-4DA29E77012F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B1C17ED8-5B7A-485F-9019-C5894DAC05B2}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B90FD96A-D7B9-478B-8042-EA71EA10159C}C:\program files\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files\cain\cain.exe |
"UDP Query User{B9C3398D-4D15-47A8-AFF2-64388E4B7A85}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C421AC43-4C86-4133-825C-A92E0020536C}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe |
"UDP Query User{C4EAE998-B0B5-4917-9A99-BAFF4BBA72E7}C:\users\julian\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\julian\downloads\utorrent.exe |
"UDP Query User{C5EE111F-7A0C-45CC-BD21-4CF376AE7750}H:\lol\portableapps\cain\cain.exe" = protocol=17 | dir=in | app=h:\lol\portableapps\cain\cain.exe |
"UDP Query User{C63AAE5B-C6C0-479C-BB71-7DCF1DD1E7FA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{CB65BB66-8F4E-45E9-A29A-641D0A59541F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CE10F139-3546-43C0-8EF9-17E482237164}C:\program files\netlogo 4.1\netlogo 4.1.exe" = protocol=17 | dir=in | app=c:\program files\netlogo 4.1\netlogo 4.1.exe |
"UDP Query User{D07D49B8-D2FF-4FFF-AC20-6F23CA917878}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{D28F585B-C050-4562-BCE3-39C7557F9553}C:\users\julian\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\temp\ixp001.tmp\smpcsetup.exe |
"UDP Query User{D47205E4-7CA6-4669-A816-138FD50EBE7C}C:\program files\wolfenstein - server\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - server\et.exe |
"UDP Query User{D6136FA1-C37A-4258-BD28-B15DA5FE2896}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D70C5FC6-D869-4094-9B48-9192D9AB9D42}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{DA05A3A1-EC95-48E6-AB14-5990606CD046}C:\users\julian\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\temp\ixp001.tmp\smwinvnc.exe |
"UDP Query User{DDE9401B-F31B-4B6F-A05F-7F7C63909EE5}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{EE5D9E95-1905-4EA1-AF3B-B12D7BCF371B}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{EEA5AB14-DA48-4DED-A95D-8F562E5B63E8}C:\users\julian\temp\teamviewer3\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\julian\temp\teamviewer3\teamviewer.exe |
"UDP Query User{F367359A-0A17-4217-949E-FA58EA188415}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=17 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe |
"UDP Query User{F85418AA-4A4A-4B42-A31B-E12D4AC4C163}C:\users\julian\desktop\s.e\bifrost 1.2.1d\bifrost.exe" = protocol=17 | dir=in | app=c:\users\julian\desktop\s.e\bifrost 1.2.1d\bifrost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".sol Editor" = .sol Editor 1.1.0.1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{3205CBA3-B3DA-4392-9120-0619CF429372}" = Ragnarok
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36AD59A7-6094-461A-B990-8E60759778B1}" = PhotoFuff
"{3A862C7D-0504-48BC-AEF8-7F7479C7C158}" = Apache HTTP Server 2.0.63
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EB47E4E-AEA2-4DCD-BC4C-7191D4E1B3EF}" = VAIO Content Metadata XML Interface Library
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{406AD3D7-F5BB-49C1-A280-6BCB5F6BC099}" = MySQL Server 5.0
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4AA0CF6F-2C23-4A29-9A3B-CF68207755B4}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit)
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1" = Mouse Recorder Pro 1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{666524AE-8EFB-4992-ABE5-C52A62C92407}" = ET Starter Pro
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE)
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6E1205BF-25BC-44A5-B10E-34402BFF5D45}" = PHP 5.2.6
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A94FC37E-7B91-482D-8273-8DEFDC2E30B3}_is1" = SQLRiP 3.6 Professional
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}" = VAIO Content Metadata XML Interface Library
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B87A01CD-CE69-413B-BA7D-037EB63BB353}" = Click to Disc Editor 1.1 Upgrade
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BF8445C9-CD09-4A7A-85A2-C2528E73BEFB}" = Spawntimer ET
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CC85B598-5643-4FD0-9AD9-B7B551D2F435}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E5B72007-07C9-4E67-B29E-696073F45704}" = DropMyRights
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Krait
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dt icon module" =
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free FLV Converter_is1" = Free FLV Converter V 5.9.1
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Game Booster_is1" = Game Booster
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"gtfirstboot Setting Request" =
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.2.1.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.12
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{B87A01CD-CE69-413B-BA7D-037EB63BB353}" = Click to Disc Editor 1.1 Upgrade
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Live 8.1.1" = Live 8.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"MarketingTools" = Vaio Marketing Tools
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerDiscovery 2.1_is1" = MessengerDiscovery 2.1.79
"MessengerDiscovery_is1" = MessengerDiscovery 1.5.0800
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"mIRC" = mIRC
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MyDefrag_is1" = MyDefrag v4.1.2
"NETCommOCX" = NETCommOCX
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Omni-Bot ET" = Omni-Bot ET 0.66 STABLE
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 3.2.0-1
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"Process_Hacker_is1" = Process Hacker 1.11
"Proxifier_is1" = Proxifier version 2.8
"PunkBusterSvc" = PunkBuster Services
"Rcon_Unlimited_1.0" = Rcon Unlimited 1.0
"RealPlayer 6.0" = RealPlayer
"Sandboxie" = Sandboxie 3.30
"StuffPlug3" = StuffPlug 3
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 3" = TeamViewer 3
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VAIO Help and Support" =
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" =
"VAIO_Premiere" =
"VAIO_Standard" =
"VirtualCloneDrive" = VirtualCloneDrive
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player
"NoNameScript" = NNScript
"SwiftKit" = SwiftKit
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
18.08.2010, 12:49
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | winhelp.exe TrojanerZitat:
__________________ |
|
19.08.2010, 19:21
| #3 |
| | winhelp.exe Trojaner Das war ein Tutorial zum Reversen, ich glaube aber nicht das es etwas mit dem Virus zu tun hat, da ich es entweder garnicht benutzt habe und wenn dann schon ca. 1-2 Monate vor den Symptomen und der Virusmeldung.
__________________ |
|
19.08.2010, 19:24
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | winhelp.exe Trojaner Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{8579a099-2b1e-11dd-bfce-001a80a47407}\Shell\AutoRun\command - "" = H:\init.bat -- File not found
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0C1EFF69
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.08.2010, 20:07
| #5 |
| | winhelp.exe Trojaner Beim ersten Versuch kam die Anzeige von Vista das das Programm nicht richtig ausgeführt wurde, der zweite Versuch hat dann aber geklappt. Hier das Log: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8579a099-2b1e-11dd-bfce-001a80a47407}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8579a099-2b1e-11dd-bfce-001a80a47407}\ not found.
File H:\init.bat not found.
Unable to delete ADS C:\ProgramData\TEMP:0C1EFF69 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Julian
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 279282807 bytes
->Java cache emptied: 36370264 bytes
->FireFox cache emptied: 125732077 bytes
->Opera cache emptied: 20611393 bytes
->Flash cache emptied: 15880858 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 28416 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83920467 bytes
RecycleBin emptied: 1364055073 bytes
Total Files Cleaned = 1.837,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_205130
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
19.08.2010, 20:14
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | winhelp.exe Trojaner Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> winhelp.exe Trojaner |
|
19.08.2010, 21:02
| #7 |
| | winhelp.exe Trojaner Hier das Combofix Log: Combofix Logfile: Code:
ATTFilter ComboFix 10-08-18.04 - *** 19.08.2010 21:34:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1862 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\VirusOrdner\Bekämpfung\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\Hotspot Shield\hssie\HsSIe.dll
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\***\AppData\Local\Windows Server
c:\users\***\AppData\Local\Windows Server\admin.txt
c:\users\***\AppData\Local\Windows Server\flags.ini
c:\users\***\AppData\Local\Windows Server\hlp.dat
c:\users\***\AppData\Local\Windows Server\server.dat
c:\users\***\AppData\Local\Windows Server\uses32.dat
c:\windows\Downloaded Program Files\Install.inf
c:\windows\My.ini
c:\windows\system32\Codejock.Controls.v12.0.1.ocx
c:\windows\system32\Ijl11.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-19 bis 2010-08-19 ))))))))))))))))))))))))))))))
.
2010-08-19 18:48 . 2010-08-19 18:48 -------- d-----w- C:\_OTL
2010-08-17 23:56 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-17 23:56 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-17 23:56 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-17 23:56 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-17 23:56 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-17 23:48 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-17 23:48 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-17 23:48 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-17 23:48 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-17 23:48 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-08-17 23:48 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-17 23:48 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-17 23:48 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-17 23:48 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-17 23:48 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-08-16 23:02 . 2010-08-16 23:02 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-08-16 23:02 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 23:02 . 2010-08-16 23:02 -------- d-----w- c:\programdata\Malwarebytes
2010-08-16 23:02 . 2010-08-16 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 23:02 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 13:06 . 2010-08-17 23:32 -------- d-----w- c:\users\***\AppData\Local\Windows
2010-08-06 11:04 . 2010-08-02 17:44 225416 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
2010-08-06 00:35 . 2010-08-06 00:35 -------- d-----w- c:\windows\.jagex_cache_32
2010-08-04 23:04 . 2010-08-04 23:04 -------- d-----w- c:\users\***\.jagex_cache_32
2010-07-21 16:04 . 2009-12-23 16:30 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-07-21 16:04 . 2009-12-23 16:30 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-07-21 16:00 . 2010-07-21 16:00 -------- d-----w- c:\program files\Ableton
2010-07-21 15:43 . 2010-07-12 09:32 822784 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 19:20 . 2009-09-12 22:46 -------- d-----w- c:\program files\CCleaner
2010-08-19 19:18 . 2010-05-21 10:18 -------- d-----w- c:\users\***\AppData\Roaming\Abine
2010-08-19 19:00 . 2008-06-09 18:32 -------- d-----w- c:\programdata\Google Updater
2010-08-19 18:56 . 2008-05-29 20:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-19 18:55 . 2007-11-02 09:52 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-19 18:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-19 18:45 . 2009-09-04 17:53 99 ----a-w- c:\users\***\jagex_runescape_preferences2.dat
2010-08-19 17:41 . 2010-04-01 17:25 51 ----a-w- c:\users\***\jagex__preferences3.dat
2010-08-19 17:41 . 2008-07-08 14:16 46 ----a-w- c:\users\***\jagex_runescape_preferences.dat
2010-08-18 00:14 . 2007-11-02 12:31 -------- d-----w- c:\programdata\Microsoft Help
2010-08-18 00:00 . 2006-11-02 15:33 628742 ----a-w- c:\windows\system32\perfh007.dat
2010-08-18 00:00 . 2006-11-02 15:33 126260 ----a-w- c:\windows\system32\perfc007.dat
2010-08-17 23:57 . 2007-11-02 12:32 -------- d-----w- c:\program files\Microsoft.NET
2010-08-17 23:31 . 2008-05-25 07:37 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-08-17 22:09 . 2008-05-29 15:53 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-08-16 22:18 . 2008-05-24 17:31 8944 ----a-w- c:\users\***\AppData\Local\d3d9caps.dat
2010-08-16 21:19 . 2008-05-31 18:39 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-16 21:19 . 2008-05-31 18:39 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-15 13:09 . 2010-07-20 12:26 -------- d-----w- c:\program files\Opera
2010-08-06 00:39 . 2008-10-18 20:19 -------- d-----w- c:\program files\SwiftKit
2010-07-21 16:20 . 2010-05-01 09:49 -------- d-----w- c:\users\***\AppData\Roaming\Ableton
2010-07-21 15:39 . 2009-12-14 08:57 -------- d-----w- c:\users\***\AppData\Roaming\uTorrent
2010-07-10 21:21 . 2010-07-10 21:21 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-06 11:58 . 2010-07-07 08:09 1328504 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-07-06 11:58 . 2010-07-07 08:09 724992 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-07-01 19:22 . 2010-07-01 19:22 -------- d-----w- c:\program files\ElcomSoft
2010-06-28 14:56 . 2010-06-28 14:56 -------- d-----w- c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-28 14:56 . 2008-09-13 14:12 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-26 06:05 . 2010-08-17 23:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-17 23:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-17 23:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-17 23:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 20:27 . 2010-01-29 14:59 -------- d-----w- c:\program files\7-Zip
2010-06-23 16:30 . 2009-09-09 13:44 -------- d-----w- c:\program files\Cheat Engine
2010-06-18 17:31 . 2010-08-17 23:49 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-17 23:49 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-17 23:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-13 21:26 . 2010-06-13 21:26 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-11 16:15 . 2010-08-17 23:49 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 21:31 . 2008-05-24 17:31 83984 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Hidie"="c:\users\***\WindowHidie.exe" [2008-04-08 159744]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"Skype. Take a deep breath"=c:\progra~1\Skype\Phone\Skype.exe
"ICQ"="c:\program files\ICQ6\ICQ.exe" silent
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2f,8c,60,e2,23,4b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3072177993-2518604005-2827483147-1000]
"EnableNotificationsRef"=dword:00000002
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 135664]
R3 B-Service;B-Service;c:\users\***\AppData\Roaming\Mikogo\B-Service.exe [2009-03-02 185640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464]
R3 cpuz129;cpuz129;c:\users\***\AppData\Local\Temp\cpuz_x32.sys [x]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2010-02-09 5568]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-09 104960]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 20:11]
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 20:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Compare Prices with &Dealio - c:\users\***\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: %SystemRoot%\system32\PrxerDrv.dll
Trusted Zone: ***pc
TCP: {5741BBCB-D570-41E7-978A-8A9687E52169} = 10.4.56.1
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://193.138.213.160/MpegInst.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\isadmin@vdtsoftware.ffext\components\isadmin.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\users\***\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a2v173gm.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\***\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-19 21:44
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-19 21:48:45
ComboFix-quarantined-files.txt 2010-08-19 19:48
Vor Suchlauf: 17 Verzeichnis(se), 37.878.484.992 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 37.826.494.464 Bytes frei
- - End Of File - - 0B585FD49646519B94E082230FBCE6E3
|
|
19.08.2010, 21:38
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | winhelp.exe Trojaner Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.08.2010, 16:51
| #9 |
| | winhelp.exe Trojaner ok das gmer Log das andere kommt später: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-20 17:49:56
Windows 6.0.6002 Service Pack 2
Running: et5sok8u.exe; Driver: C:\Users\Julian\AppData\Local\Temp\uxlcypod.sys
---- System - GMER 1.0.15 ----
SSDT A3384DAC ZwCreateThread
SSDT A3384D98 ZwOpenProcess
SSDT A3384D9D ZwOpenThread
SSDT A3384DA7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 824BF984 4 Bytes [AC, 4D, 38, A3]
.text ntkrnlpa.exe!KeSetEvent + 3F1 824BFB54 4 Bytes [98, 4D, 38, A3]
.text ntkrnlpa.exe!KeSetEvent + 40D 824BFB70 4 Bytes [9D, 4D, 38, A3]
.text ntkrnlpa.exe!KeSetEvent + 621 824BFD84 4 Bytes [A7, 4D, 38, A3]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x92603340, 0x3441C7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[3680] SHELL32.dll!SHFileOperationW 76D868E8 5 Bytes JMP 040C1102 C:\Program Files\Unlocker\UnlockerHook.dll
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74877817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7487BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7486F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7486E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7487DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7486FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7486FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7489C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7486D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74866853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7486687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74872AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb56facb
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb58469d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d897337
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d897337@001ea3282829 0x07 0x8F 0x37 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d897337@000e07ddaae7 0x7E 0x99 0x9A 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb56facb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb58469d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d897337 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d897337@001ea3282829 0x07 0x8F 0x37 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d897337@000e07ddaae7 0x7E 0x99 0x9A 0x2B ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:56:09 on 20.08.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "copperhd.cpl" - "Razer Inc." - C:\Windows\system32\copperhd.cpl "krait.cpl" - "Razer Inc." - C:\Windows\system32\krait.cpl "razer.cpl" - "Razer Inc." - C:\Windows\system32\razer.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl "Nero BurnRights" - ? - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl (File not found) "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Julian\AppData\Local\Temp\catchme.sys (File not found) "cpuz129" (cpuz129) - ? - C:\Users\Julian\AppData\Local\Temp\cpuz_x32.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "Hotspot Shield Helper Miniport" (HssDrv) - "AnchorFree Inc." - C:\Windows\System32\DRIVERS\HssDrv.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\Windows\system32\mbmiodrvr.sys "NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - ? - C:\Windows\system32\NSNDIS5.SYS (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TAP VPN Adapter" (tapvpn) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tapvpn.sys "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys "USB Mouse Rate Adjuster Lower Filter by SweetLow" (hidusbf) - "SweetLow" - C:\Windows\System32\DRIVERS\hidusbf.sys "uxlcypod" (uxlcypod) - ? - C:\Users\Julian\AppData\Local\Temp\uxlcypod.sys (Hidden registry entry, rootkit activity | File not found) "VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\Windows\System32\DRIVERS\vmnetadapter.sys (File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll {30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll {C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Dealio" - ? - (File not found | COM-object registry key not found) ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {784797A8-342D-4072-9486-03C8D0F2F0A1} "Battlefield Heroes Updater" - "EA Digital Illusions CE AB" - C:\Windows\Downloaded Program Files\BFHUpdater.dll / https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab {4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\Windows\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} "Musicnotes Viewer" - "Musicnotes, Inc." - C:\Windows\Downloaded Program Files\mnviewer.dll / hxxp://www.musicnotes.com/download/mnviewer.cab {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} "pmpeg4cam Class" - "Panasonic Communications Co., Ltd." - C:\Windows\system32\pmpeg4cam.dll / hxxp://193.138.213.160/MpegInst.cab {34635AA6-B593-4F06-9EDD-5FF60FC13310} "Speaky Chat" - "SpeakyChat" - C:\Windows\DOWNLO~1\SPEAKY~1.OCX / hxxp://download.speakyweb.com/speakyldr.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {9F038672-0425-4792-BC9C-36DE3308E8AA} "Dealio" - ? - (File not found | COM-object registry key not found) "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {86529161-034E-4F8A-88D2-3C625E612E04} "Run WinHTTrack" - ? - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll "Sothink SWF Catcher" - ? - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "Dealio" - ? - (File not found | COM-object registry key not found) {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll AutorunsDisabled "AutorunsDisabled" - ? - (File not found | COM-object registry key not found) {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) {6A87B991-A31F-4130-AE72-6D0C294BF082} "{6A87B991-A31F-4130-AE72-6D0C294BF082}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Window Hidie" - "Xigga" - C:\Users\Julian\WindowHidie.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Copperhead" - ? - C:\Program Files\Razer\Copperhead\razerhid.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "razer" - ? - C:\Program Files\Razer\Copperhead\razerhid.exe "UnlockerAssistant" - ? - "C:\Program Files\Unlocker\UnlockerAssistant.exe" (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "B-Service" (B-Service) - ? - C:\Users\Julian\AppData\Roaming\Mikogo\B-Service.exe (File found, but it contains no detailed information) "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Hotspot Shield Helper Service" (HssSrv) - "AnchorFree Inc." - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe "Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (File found, but it contains no detailed information) "ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe "VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe "VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe "VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe "VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe "VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe "VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe "VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe "VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe "VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll "Proxifier NSP" - " " - C:\Windows\system32\PrxerNsp.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "PROXIFIER LSP" - "Initex Software" - C:\Windows\system32\PrxerDrv.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBR: Code:
ATTFilter
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`a2a00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Done;
Geändert von Systemless (20.08.2010 um 16:59 Uhr) |
|
22.08.2010, 17:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | winhelp.exe Trojaner Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu winhelp.exe Trojaner |
| 32 bit, alternate, antivir guard, avg, avgntflt.sys, avira, bho, bifrose.trace, bonjour, browser, compare, components, converter, corp./icp, data restore, desktop, error, firefox, fontcache, google, hijack, hijackthis, home premium, hotspot, hotspot shield, iastor.sys, install.exe, internet explorer, intranet, launch, local\temp, location, locker, malware.packer, microsoft office word, monitor, mozilla, mozilla thunderbird, mp3, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, opera.exe, otl.exe, plug-in, preferences, problem, programdata, rundll, saver, schnelle hilfe, searchplugins, security update, shell32.dll, skype.exe, software, svchospt.exe, symantec, torrent.exe, trojane, trojaner, user agent, vista, windows, winhelp.exe |
Linear-Darstellung
