Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.01.2011, 19:04   #1
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Hallo,

Bin leider auf dem Gebiet Viren ein ziemlicher Neuling und habe mir seit Gestern scheinbar so ein Teil eingefangen. Antivir erkennt bei mir folgende Datei als schädliche Malware oben genannter Bezeichnung: C:\ProgramData\wietulopto.tmp

Wenn ich auf "Delete" gehe, erscheint die Meldung wenige Sekunden später sofort wieder. Ich habe bereits nach dem Virus gegoogelt, aber keine richtig funktionsfähige Lösung gefunden. Auf meinem PC hat sich bisher noch nichts bemerkbar gemacht, außer dass mich die ständige Meldung ziemlich beim Arbeiten nervt.

Wisst ihr Rat?

Besten Dank im Voraus!

Alt 11.01.2011, 19:51   #2
rea
/// Helfer-Team
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Hallo Desolation und Willkommen am Trojaner Board!



Vorweg ein paar Hinweise (Bitte beachten!):

  • Lies meine Anleitung für dich sorgfältig durch, bevor du beginnst. Führe alle Schritte unbedingt der Reihe nach aus, da manchmal der eine Punkt den anderen voraussetzt.
  • Wenn dir etwas im Verlauf der Bereinigung unklar ist, frage bitte in deinem Thread nach, bevor du weitermachst.
  • Lade alle hier angeordneten Programme nur durch die jeweiligen Links herunter! Wenn ein Link nicht funktionieren sollte, melde dich bitte.
  • Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.
  • Berichte zu jedem Schritt, ob Du ihn abgearbeitet hast, bzw. ob und welche Probleme dabei aufgetreten sind.
  • Sollten beim Abarbeiten der Anleitung Probleme auftauchen, bitte vorerst nicht weitermachen, sondern stoppen und das Problem hier im Thread schildern.
  • Editiere alle persönlichen Daten wie z.B. vollständige Namen realer und privater Personen aus den geforderten Logfiles, bevor du sie postest.
  • Und falls eine Antwort mal länger dauern wird, freu ich mich auch über einen hinweis



Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung:




1.) Avira Antivir - Was wurde gefunden?

Damit wir uns die Funde deines Antivirenprogrammes mal genau ansehen können, gehe bitte wie folgt vor:
  • Starte Avira Antivir
  • Unter dem Reiter Übersicht auf Ereignisse klicken
  • Dort bitte überprüfen, dass oben Alle angehakt sind und unter Filter nur das Kästchen Fund, die anderen bitte auslassen.
  • Alle Funde markieren (Sofern vorhanden)
  • Oben auf den runden Pfeil klicken (Ausgewählte Ereignisse exportieren)
  • Unter dem vorgegebenen Namen abspeichern und den Inhalt dieser .txt-Datei hier ebenfalls posten.






2.) Dateiüberprüfung auf Virustotal
Besuche Virustotal
Suche dort folgende Datei und lade sie über den Button "Send file" hoch.
Code:
ATTFilter
C:\ProgramData\wietulopto.tmp
         
Die Überprüfung kann einige Minuten dauern. Wenn die Datei bereits von anderen Usern geprüft wurde, lasse sie erneut prüfen. Poste mir die Ergebnisse mit Kopf und allem in Codetags hier in den Thread.
Wenn die Datei nicht zu finden ist, sag mir bitte Bescheid.





3.) Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

__________________

Alt 11.01.2011, 20:14   #3
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Also Schritt zwei funktioniert nicht, wenn ich die Datei hochladen will, kommt: Sie haben keine Berechtigung die Datei auszuführen.

Den Rest habe ich gemacht. Schonmal Danke.
__________________

Alt 11.01.2011, 20:42   #4
rea
/// Helfer-Team
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Sorry, bitte poste die Logs direkt in den Thread, das macht mir die Auswertung einfacher
__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Alt 11.01.2011, 21:00   #5
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Exported events:

11.01.2011 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\ProgramData\wietulopto.tmp.
Action performed: Deny access

11.01.2011 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\ProgramData\wietulopto.tmp.
Action performed: Deny access

11.01.2011 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\ProgramData\wietulopto.tmp.
Action performed: Deny access

11.01.2011 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\ProgramData\wietulopto.tmp.
Action performed: Deny access

11.01.2011 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\ProgramData\wietulopto.tmp.
Action performed: Deny access

11.01.2011 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\ProgramData\wietulopto.tmp.
Action performed: Deny access

11.01.2011 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\ProgramData\wietulopto.tmp.
Action performed: Deny access

...und tausendfach so weiter...


----------------------------------------------------------OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.01.2011 21:00:48 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 569,15 Gb Free Space | 61,10% Space Free | Partition Type: NTFS
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe
PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe
PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.20 18:45:30 | 001,857,838 | -H-- | M] () [Auto | Stopped] -- C:\ProgramData\wietulopto.dat -- (SENS)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.4.15
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 19:45:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M]
 
[2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions
[2011.01.11 07:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.27 15:22:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.08.25 09:23:09 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\illimitux@illimitux.net
[2010.05.27 15:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\staged-xpis
[2011.01.11 17:14:46 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml
[2011.01.11 17:14:46 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml
[2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.25 19:41:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.02.25 19:41:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\wietulopto.tmp) - C:\ProgramData\wietulopto.tmp ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\ProgramData\wietulopto.dat ()
O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\Shell - "" = AutoRun
O33 - MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.11 20:59:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.11 20:40:53 | 000,000,000 | ---D | C] -- C:\avrescue
[2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira
[2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.19 16:20:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Rock The Nation 2010
[2010.12.15 11:16:07 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 11:16:07 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 11:16:07 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 11:16:05 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 11:16:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 11:16:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.15 11:15:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 11:15:54 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 11:15:53 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 11:15:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 11:15:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 11:15:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.15 11:15:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.12.15 11:15:53 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 11:15:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.15 11:15:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 11:15:52 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 11:15:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 11:15:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 20:57:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 20:57:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 20:54:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ecfqsq.sys
[2011.01.11 19:04:36 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.11 19:04:27 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.01.11 18:57:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.11 18:57:25 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.11 17:06:29 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
[2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 22:58:19 | 000,066,560 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.09 16:22:39 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.09 16:22:39 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.09 16:22:39 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.09 16:22:39 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.09 12:21:45 | 000,000,680 | ---- | M] () -- C:\Users\Patrick\AppData\Local\d3d9caps.dat
[2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 11:33:18 | 000,320,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.15 12:30:00 | 000,037,376 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
[2010.12.13 17:45:43 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Hellveto - Wiara, nadzieja..., potepienie.doc
[2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.11 20:54:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ecfqsq.sys
[2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.12.18 21:38:34 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.12.13 17:45:43 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Hellveto - Wiara, nadzieja..., potepienie.doc
[2010.10.20 18:45:30 | 001,857,838 | -H-- | C] () -- C:\ProgramData\wietulopto.dat
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi
[2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.04.27 11:38:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm
[2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.28 12:05:41 | 000,066,560 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.12.24 20:08:45 | 000,000,680 | ---- | C] () -- C:\Users\Patrick\AppData\Local\d3d9caps.dat
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.#
[2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC
[2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado
[2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports
[2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo
[2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2
[2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools
[2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla
[2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0
[2011.01.11 19:03:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ
[2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn
[2010.12.28 22:30:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\kikin
[2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics
[2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda
[2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream
[2011.01.07 01:21:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV
[2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws
[2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee
[2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp
[2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft
[2011.01.11 18:57:38 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.11 17:06:29 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

-------------------------------------------------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.01.2011 21:00:48 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 569,15 Gb Free Space | 61,10% Space Free | Partition Type: NTFS
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin Plugin (NO23 Edition) 2.0
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.1.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.6.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Hamachi" = Hamachi 1.0.1.5
"Hospital" = Theme Hospital
"ImgBurn" = ImgBurn
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RayV" = RayV
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SopCast" = SopCast 3.0.3
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TV Sponsoren 2007" = TV Sponsoren 2007
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"UUSEE" = UUSee ÍøÂçµçÊÓ [4.8.307.11]
"UUSEE_base" = UUSee ²¥·Å²å¼þ»ù´¡°ü 4.8.306.18
"VLC media player" = VLC media player 1.0.5
"Vtune_is1" = Vtune 6.6
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V7" = Skat-Online V7
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2010 19:14:24 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm GTA2.EXE, Version 9.6.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 7a4  Anfangszeit: 01cab34b87ee2804  Zeitpunkt der Beendigung:
 0
 
Error - 21.02.2010 19:14:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm GTA2.EXE, Version 9.6.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 49c  Anfangszeit: 01cab34b9bed6b44  Zeitpunkt der Beendigung:
 0
 
Error - 21.02.2010 20:04:39 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.9.8.1, Zeitstempel 0x493a8cbd,
 fehlerhaftes Modul libdvdnav_plugin.dll, Version 0.0.0.0, Zeitstempel 0x493a92d3,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000100f8,  Prozess-ID 0x880, Anwendungsstartzeit
 01cab3529b8f1e5c.
 
Error - 22.02.2010 11:49:54 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.02.2010 13:23:26 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.02.2010 06:50:51 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2010 07:19:37 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2010 07:44:45 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2010 07:23:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 11.01.2011 13:59:47 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 11.01.2011 14:00:06 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---


Alt 11.01.2011, 22:08   #6
rea
/// Helfer-Team
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Da wirst du ja richtig schlimm genervt...



1.) Deinstallation von Software
  • -> Start
  • -> Systemsteuerung
  • -> Programme und Funktionen
  • -> Programm deinstallieren
  • Wähle nun jeweils eine Software aus:
    Code:
    ATTFilter
    Skype Toolbars
    kikin Plugin (NO23 Edition)
             
  • -> ändern/entfernen und deinstallieren.


Deinstalliere bitte jede Software aus dieser Liste, die vorhanden ist.

------------

Worum handelt es sich bei diesen Programmen?
Code:
ATTFilter
UUSEE & UUSEE_base
         
------------

Ich sehe außerdem, dass du Malwarebytes installiert hast. Poste mir bitte alle Logfiles, die du bisher damit erstellt hast_
Malwarebytes starten -> Reiter Logdateien -> Poste alle dort vorhandenen Logs in Codetags (Schreibe vor das Log [Code] und hinter das Log [/Code]. Achte auf das "/" !)





2.) Fixen mit OTL
  • Starte bitte die OTL.exe.
    Vista-&Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

    Code:
    ATTFilter
    :OTL
    SRV - [2010.10.20 18:45:30 | 001,857,838 | -H-- | M] () [Auto | Stopped] -- C:\ProgramData\wietulopto.dat -- (SENS)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O20 - AppInit_DLLs: (C:\PROGRA~2\wietulopto.tmp) - C:\ProgramData\wietulopto.tmp ()
    O33 - MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\Shell - "" = AutoRun
    O33 - MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    [2011.01.09 12:21:45 | 000,000,680 | ---- | M] () -- C:\Users\Patrick\AppData\Local\d3d9caps.dat
    [2010.10.20 18:45:30 | 001,857,838 | -H-- | C] () -- C:\ProgramData\wietulopto.dat
    [2009.04.27 11:38:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf OK.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.





3.) Einstellungen prüfen
Stelle sicher, dass bei dir alle Ordner und Dateien angezeigt werden:
  • Starte den Windows Explorer (Rechtsklick auf Start -> Explorer)
  • => Extras
  • => Ordneroptionen
  • => Ansicht
  • Ändere folgende Einstellungen:
    • Entferne den Haken bei Erweiterungen bei bekannten Dateitypen ausblenden
    • Entferne den Haken bei Geschützte Systemdateien ausblenden
    • Setze den Haken bei Inhalte von Systemordnern anzeigen (Nicht in Vista vorhanden)
    • Unter "Versteckte Dateien und Ordner" setzt du den Punkt bei Alle Dateien und Ordner anzeigen





4.) Dateiüberprüfung auf Virustotal
Besuche Virustotal
Suche dort folgende Datei und lade sie über den Button "Send file" hoch.
Code:
ATTFilter
C:\Windows\System32\drivers\ecfqsq.sys
         
Die Überprüfung kann einige Minuten dauern. Wenn die Datei bereits von anderen Usern geprüft wurde, lasse sie erneut prüfen. Poste mir das Ergebniss mit Kopf und allem in Codetags hier in den Thread.
Wenn die Datei nicht zu finden ist, sag mir bitte Bescheid.





5.) Rootkitscan mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    ATTFilter
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
             
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.





6.) Erneuter Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.





Poste bitte in deiner nächsten Antwort:
  • Alle Logs von Malwarebytes (Schritt 1)
  • Das Logfile vom OTL-Fixen (Schritt 2)
  • Das Ergebnis der Dateiüberprüfung auf Virustotal (Schritt 4)
  • Das Logfile vom Gmerrootkitscan (Schritt 5)
  • Die beiden neuen Logfiles vom OTL-Systemscan (Schritt 6)
__________________
--> TR/Crypt.XPACK.Gen

Alt 12.01.2011, 18:26   #7
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Bis Zum Löschen des "Viruses" hat alles geklappt. Hier sind die Logfiles:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5505

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.01.2011 20:50:44
mbam-log-2011-01-11 (20-50-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140525
Laufzeit: 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Patrick\AppData\Local\Temp\e.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
         
Code:
ATTFilter
All processes killed
========== OTL ==========
Service SENS stopped successfully!
Service SENS deleted successfully!
C:\ProgramData\wietulopto.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\wietulopto.tmp deleted successfully.
C:\ProgramData\wietulopto.tmp moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0817f99b-d20c-11dd-ad09-002185338359}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0817f99b-d20c-11dd-ad09-002185338359}\ not found.
File K:\Autorun.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\Patrick\AppData\Local\d3d9caps.dat moved successfully.
File C:\ProgramData\wietulopto.dat not found.
C:\Windows\System32\AVSredirect.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Patrick
->Temp folder emptied: 3884294792 bytes
->Temporary Internet Files folder emptied: 132676165 bytes
->Java cache emptied: 106541041 bytes
->FireFox cache emptied: 56119006 bytes
->Google Chrome cache emptied: 6415900 bytes
->Flash cache emptied: 1795 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 1311160505 bytes
RecycleBin emptied: 608562 bytes
 
Total Files Cleaned = 5.243,00 mb
 

 
OTL by OldTimer - Version 3.2.20.1 log created on 01112011_232513

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Für Virustotal habe ich Datei allerdings nicht finden können und bei diesem Root-Kit-Teil könnte ich Anti-Vir via Task Manager leider nicht komplett schließen, da auch dort stand "Sie haben keine Berechtigung zum Zugriff". Ich habe es dann so versucht, dort ist aber mein PC abgestürzt und neu hochgefahren.

Trotzdem schonmal Vielen Vielen Dank!

Alt 12.01.2011, 18:34   #8
rea
/// Helfer-Team
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Hey,
in Schritt 1 ist noch eine Frage, die du noch beantworten musst. Ausserdem solltest du mir bitte zu jedem Schritt eine kurze Rückmeldung geben, ob du alles erledigt hast. Die Einstellungen zum Sichtbarmachen aller Dateien, Ordner und Dateiendungen hast du richtig gesetzt bevor du die Datei hochladen wolltest?


Zu Avira: Rechtsklick auf den roten Aviraschirm in der Taskleiste, dann den Haken entfernen bei "Antivir Guard aktivieren". Der Schirm sollte sich dann schliessen.
__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Alt 12.01.2011, 18:45   #9
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Achso, die Programme, entschuldige. Dabei handelt es sich um soetwas wie SopCast, womit man ausländische (vornehmlich chinesische) Fernsehsender empfangen kann.

Wie gesagt, bis zum Schritt mit VirusTotal hat alles funktioniert, habe die Dateien auch sichtbar gemacht, aber die von Dir angegebene ist leider nicht dabei.

Alt 12.01.2011, 18:48   #10
rea
/// Helfer-Team
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Okay, dann kannst du mit dem Gmerscan weiter machen
__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Alt 12.01.2011, 19:12   #11
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Hmm, hab das jetzt noch 2x probiert, bekomme jedes Mal einen Bluescreen und mein PC stürzt ab.

Alt 12.01.2011, 19:31   #12
rea
/// Helfer-Team
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Okay, das kommt bei GMER schon mal vor, mach dann mit der Anleitung weiter.
__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Alt 12.01.2011, 20:17   #13
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.01.2011 21:08:33 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 571,46 Gb Free Space | 61,35% Space Free | Partition Type: NTFS
Drive E: | 37,26 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.1.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.6.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Hamachi" = Hamachi 1.0.1.5
"Hospital" = Theme Hospital
"ImgBurn" = ImgBurn
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RayV" = RayV
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SopCast" = SopCast 3.0.3
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TV Sponsoren 2007" = TV Sponsoren 2007
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VLC media player" = VLC media player 1.0.5
"Vtune_is1" = Vtune 6.6
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V7" = Skat-Online V7
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2010 07:23:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1020  Anfangszeit: 01cab6e7fe4ce69f  Zeitpunkt der Beendigung:
 6
 
Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: e64  Anfangszeit: 01cab6e80eda6b4f  Zeitpunkt der Beendigung:
 2
 
Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.01.2011 14:57:36 | Computer Name = Patrick-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2011 um 19:56:12 unerwartet heruntergefahren.
 
Error - 12.01.2011 14:57:37 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12.01.2011 14:58:53 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2011 14:58:53 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 12.01.2011 15:00:05 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.01.2011 15:03:19 | Computer Name = Patrick-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2011 um 20:01:31 unerwartet heruntergefahren.
 
Error - 12.01.2011 15:03:29 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12.01.2011 15:04:38 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.01.2011 15:04:52 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2011 15:04:52 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.01.2011 21:08:33 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 571,46 Gb Free Space | 61,35% Space Free | Partition Type: NTFS
Drive E: | 37,26 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.07.12 17:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winamp.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe
PRC - [2009.09.03 22:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe
PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe
PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:59 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.11 23:20:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M]
 
[2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions
[2011.01.12 15:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.27 15:22:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\illimitux@illimitux.net
[2010.05.27 15:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\staged-xpis
[2011.01.11 17:14:46 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml
[2011.01.11 17:14:46 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml
[2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\progra~2\wietulopto.dat File not found
O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.11.20 20:12:37 | 000,000,000 | ---D | M] - E:\Autopsy -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 23:18:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google
[2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira
[2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.19 16:20:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Rock The Nation 2010
[2010.12.15 11:16:07 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 11:16:07 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 11:16:07 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 11:16:05 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 11:16:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 11:16:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.15 11:15:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 11:15:54 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 11:15:53 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 11:15:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 11:15:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 11:15:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.15 11:15:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.12.15 11:15:53 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 11:15:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.15 11:15:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 11:15:52 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 11:15:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 11:15:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.12 20:45:16 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.12 20:45:16 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.12 20:45:16 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.12 20:45:16 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.12 20:03:31 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.12 20:03:31 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.12 20:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.12 20:03:15 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.12 19:28:54 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.12 19:28:45 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.12 17:36:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
[2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 22:58:19 | 000,066,560 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 11:33:18 | 000,320,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.15 12:30:00 | 000,037,376 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
 
========== Files Created - No Company Name ==========
 
[2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.12.18 21:38:34 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi
[2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm
[2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.28 12:05:41 | 000,066,560 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.#
[2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC
[2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado
[2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports
[2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo
[2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2
[2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools
[2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla
[2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0
[2011.01.12 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ
[2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn
[2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics
[2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda
[2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream
[2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV
[2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws
[2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee
[2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp
[2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft
[2011.01.11 23:57:02 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.12 17:36:21 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 12.01.2011, 21:28   #14
rea
/// Helfer-Team
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



1.) Fixen mit OTL
  • Starte bitte die OTL.exe.
    Vista-&Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

    Code:
    ATTFilter
    :OTL
    O20 – Winlogon\Notify\SensLogn: DllName – c:\progra~2\wietulopto.dat – c:\ProgramData\wietulopto.dat ()c:\progra~2\wietulopto.dat File not found
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf OK.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.






2.) MBRCheck
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes, ausserdem muss ich wissen, ob du mehr als ein Betriebssystem auf dem Rechner installiert hast.
__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Alt 14.01.2011, 20:04   #15
Desolation
 
TR/Crypt.XPACK.Gen - Standard

TR/Crypt.XPACK.Gen



Dauert dieses Mal leider ein wenig länger, da ich gerade extrem viel zu tun habe.

Antwort

Themen zu TR/Crypt.XPACK.Gen
antivir, arbeiten, bereits, datei, erkennt, erscheint, folge, folgende, funktionsfähige, gestern, lösung, malware, meldung, neuling, nichts, programdata, richtig, schei, schädliche, sekunden, sofort, ständige, tr/crypt.xpack.ge, tr/crypt.xpack.gen, viren, virus, wenige



Ähnliche Themen: TR/Crypt.XPACK.Gen


  1. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  2. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  3. Probleme mit .NET Framework, windows update und Systemwiederherstellung, Trojaner TR/Crypt.XPACK.Gen8, TR/Crypt.ULPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (11)
  4. TR/Crypt.EPACK.Gen8, TR/Crypt.XPACK.Gen, TR/Vcaredrix.A.3 und einige EXP/CVE-xx, EXP/2010-xx Viren.
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (7)
  5. TR/Crypt.XPACK.Gen, TR/Sirefef.BV.2, TR/Crypt.XPACK.Gen3, TR/PSW.Karagany.A.73
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (2)
  6. TR/Crypt.XPACK.Gen5, TR/Crypt.ZPACK.Gen2, TR/Fake.Rean.3394, TR/PSW.Fareit.A.64
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (30)
  7. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  8. Kurze Fragen zu TR/Crypt.XPACK.Gen + TR/Crypt.ZPACK.Gen + Avira Scan
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (3)
  9. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  10. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  11. TR/Crypt.XPACK.Gen3, TR/Crypt.XPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (4)
  12. Befall mit TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 21.09.2010 (23)
  13. TR/Dropper.gen und TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen2 und TR/Dldr.Agent.cxyf.3
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (32)
  14. tr\crypt.xpack.gen2 und tr\crypt.xpack.gen
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (4)
  15. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  16. Massives Trojaner Problem TR/Crypt.XPACK.Gen TR/dropper.Gen TR/Crypt.ASPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 21.03.2010 (1)
  17. Heftiger Trojaner Befall Crypt.XPACK.Gen/Click.YABECTOR.B.1/ Crypt.PEPM.Gen
    Log-Analyse und Auswertung - 28.12.2009 (1)

Zum Thema TR/Crypt.XPACK.Gen - Hallo, Bin leider auf dem Gebiet Viren ein ziemlicher Neuling und habe mir seit Gestern scheinbar so ein Teil eingefangen. Antivir erkennt bei mir folgende Datei als schädliche Malware oben - TR/Crypt.XPACK.Gen...
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.