
Pests of all kinds and how to fight them: Java-Virus JAVA/Stutter.AG and Java-Virus JAVA/Stutter.AH


23.05.2011, 15:33   #1
MasterDragon
 



So, I have a problem with the viruses named above.
Java-Virus JAVA/Stutter.AH was found once and Java-Virus JAVA/Stutter.AG twice.
How do I proceed against them now?
I'm an absolute beginner when it comes to PCs, please help.
Thanks in advance

23.05.2011, 19:22   #2
kira
/// Helper Team
 



Hello and welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the liability risks that come with it:
    - since troubleshooting and the actions taken are carried out over a large distance, we accept no liability for the consequences arising from them.
    - so, any liability for damage arising from this is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you may delete, or replace with [X], such details from the log lists or logfiles used (e.g. your real name, serial numbers in programs etc.)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may also be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you read the instructions completely before applying them, because if you do something wrong it can really get dangerous. If you follow my instructions step by step, nothing should actually go wrong.
  • During the support period:
    - please do not act on your own without consulting us! If there are problems, ask.
  • The order:
    - please keep exactly to the order described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Paste all logfiles inside a vBCode tag; this gives a good overview here and makes my work easier! If a logfile is too large, split it into several parts.

Once you have read this introductory text, you can begin

Quote:
If a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I have been the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide to clean the system - cleaning a system can take a few days (depending on the type of infection), but the system may also be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it by double-clicking.
  • Set the language to German and update the databases right away - update online
  • Choose "Perform full scan" (tick everything)
  • When the scan has finished, click "Show Results"
  • Select all findings - if MBAM reports anything in C:\System Volume Information, please untick it - and click "Delete" - "Remove Selected".
  • Post the result here in the thread - you will find the report under "Scan Reports"
An illustrated guide can be found here: Guide

2.
System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles in code tags here in the thread.

3.
→ Download HJTscanlist.zip
→ Extract the file to your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it by double-clicking
→ Choose your operating system - on Win7 choose Vista
→ When asked, choose the option "Einstellung" (1) - scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it doesn't work all at once, you can split the text into several parts and post it that way

4.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
Install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → if necessary, under Options → Settings set "german"
then click "Extra" (Tools; this also displays the installed programs) → then "Save to text file..."
a text file (*.txt) will be created; copy its contents and paste them here

5.
Right-click the AntiVir umbrella in the taskbar => start AntiVir => Overview => Events
select each finding => right-click the findings => Export event(s)
and save them as Ereignisse.txt on the desktop, then post the contents here.

Quote:
To keep your thread tidy and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the logfile): [code]
your logfile goes here - e.g. hjtscanlist or anything else
→ after it - i.e. at the end of the logfile: [/code]
** If possible, stay off the internet: no online banking, file sharing, chat programs etc.
regards
Coverflow

26.05.2011, 20:52   #3
MasterDragon
 



Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6674

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

25.05.2011 17:43:47
mbam-log-2011-05-25 (17-43-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 355900
Laufzeit: 1 Stunde(n), 5 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01} (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SwUpdate (Trojan.Agent) -> Value: SwUpdate -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Bad: (C:\PROGRA~2\\MACROM~1\SWFUPD~1\swfupdate.dll) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\macromedia\swfupdate\swfupdate.dll (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\K72RMM3K\users_root_file_file[1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
         
Code:
OTL logfile created on: 25.05.2011 18:26:26 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 26,86% Memory free
4,24 Gb Paging File | 1,94 Gb Available in Paging File | 45,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 59,17 Gb Free Space | 50,79% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
 
Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Progfiles\Adobe\Reader8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Progfiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gusvc) --  File not found
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_8832f4b.dll ()
SRV - (AntiVirSchedulerService) -- C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Progfiles\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (PLCNDIS5) -- C:\Windows\System32\PLCNDIS5.SYS (Intellon, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goggle.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:3128
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..network.proxy.share_proxy_settings: true
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Windows\system32\config\systemprofile\AppData\Roaming\5015 [2011.05.01 14:14:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 19:01:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.02.20 14:37:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.05.15 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.12 06:42:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.12 06:42:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com
[2011.05.15 19:03:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\support@lastpass.com
[2011.05.16 06:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.05.21 14:29:02 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ALEX\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DI26CSR.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\progfiles\Adobe\Reader8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\ProgFiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 67108800
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.25 14:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011.05.24 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011.05.24 16:03:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.24 16:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.05.24 16:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.24 16:03:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.24 16:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.24 15:58:33 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.23 15:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Downloaded Installers
[2011.05.21 14:29:02 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 19:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CCleaner
[2011.05.20 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.16 21:16:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Counter-Strike Source
[2011.05.07 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TECHNO4EVER Player
[2011.05.07 13:23:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.07 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.05 17:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Counter-Strike Source
[2011.05.04 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.04 15:16:28 | 000,000,000 | ---D | C] -- C:\2011838ae5cda6dd97
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.04 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.05.04 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.03 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.03 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.02 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.02 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Iwreob
[2011.05.01 13:34:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Vasago
[2011.05.01 03:15:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Heuty
[2011.05.01 03:15:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.04.28 12:26:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\5015
[2011.04.26 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Black & White 2
[2011.04.26 21:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Black & White 2
[2011.04.26 21:04:18 | 000,000,000 | ---D | C] -- C:\Programme\Lionhead Studios
[2011.04.26 19:15:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Drakensang
[2011.04.26 18:49:16 | 000,000,000 | ---D | C] -- C:\Programme\Drakensang
[2011.04.26 15:28:03 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Uniblue
[2011.04.26 15:27:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.04.26 15:27:51 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.04.26 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\xmldm
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.25 17:55:05 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.25 17:55:05 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.25 17:55:05 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.25 17:55:04 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.25 17:50:31 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.25 17:50:31 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.25 17:49:47 | 000,030,259 | ---- | M] () -- C:\Users\Alex\Desktop\hjtscanlist.bat
[2011.05.25 17:44:05 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rabcfw.sys
[2011.05.25 16:33:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.25 14:26:59 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job
[2011.05.25 14:25:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job
[2011.05.25 13:51:39 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job
[2011.05.25 13:50:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.24 15:58:33 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 17:57:23 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | M] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | M] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 14:05:53 | 000,001,280 | ---- | M] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | M] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.21 17:59:05 | 000,001,326 | RHS- | M] () -- C:\Users\Alex\ntuser.pol
[2011.05.21 14:29:02 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 16:04:36 | 000,000,962 | ---- | M] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.16 21:16:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.16 06:50:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:22 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.15 13:33:57 | 206,240,140 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.14 08:47:32 | 2926,603,649 | ---- | M] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:37 | 000,000,210 | ---- | M] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 15:11:01 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.09 07:13:02 | 000,000,680 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | M] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | M] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[2011.04.26 19:15:07 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001119.LCS
[2011.04.26 13:55:11 | 000,000,112 | ---- | M] () -- C:\ProgramData\56iE4qch.dat
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.25 17:44:05 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rabcfw.sys
[2011.05.24 16:03:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 17:57:22 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | C] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | C] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 16:01:48 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 14:05:53 | 000,001,280 | ---- | C] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | C] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.15 19:45:18 | 000,000,962 | ---- | C] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.15 19:01:22 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.14 08:15:34 | 2926,603,649 | ---- | C] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:36 | 000,000,210 | ---- | C] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 07:13:02 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | C] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | C] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[2011.04.26 19:14:42 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001119.LCS
[2011.04.26 13:31:37 | 000,000,112 | ---- | C] () -- C:\ProgramData\56iE4qch.dat
[2011.04.25 11:12:06 | 000,000,136 | ---- | C] () -- C:\ProgramData\~41672456r
[2011.04.25 11:12:06 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41672456
[2011.04.25 11:11:53 | 000,000,400 | ---- | C] () -- C:\ProgramData\41672456
[2011.04.25 11:05:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~41017096r
[2011.04.25 11:05:41 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41017096
[2011.04.25 11:05:22 | 000,000,400 | ---- | C] () -- C:\ProgramData\41017096
[2011.03.27 15:22:11 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011.03.24 20:04:02 | 000,065,040 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.02.28 19:04:27 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.02.19 23:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\msicpl.ini
[2009.08.02 16:29:26 | 000,000,276 | ---- | C] () -- C:\Windows\thug2.ini
[2009.05.27 17:05:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 17:05:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.12.28 04:59:54 | 000,138,608 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.12.28 04:59:37 | 000,189,800 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.12.28 04:59:35 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.12.28 04:59:34 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2008.12.21 13:51:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.11.21 20:30:29 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2008.11.02 22:46:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.02 22:46:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.02 22:17:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.11.02 22:14:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.09.10 17:25:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.09.02 17:04:44 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.09.02 17:04:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.08.07 11:52:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.11 17:24:03 | 000,399,736 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.04.10 17:28:40 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.04.02 15:52:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.18 18:53:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.03.17 17:05:08 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.27 10:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2008.01.04 13:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.23 12:00:36 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2007.12.23 11:50:55 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007.12.16 15:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.12.09 22:15:31 | 000,479,232 | ---- | C] () -- C:\Windows\System32\HookShield.dll
[2007.12.09 22:15:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\executeosd.exe
[2007.12.09 22:15:30 | 000,134,504 | ---- | C] () -- C:\Windows\System32\smdll.dll
[2007.12.09 22:15:30 | 000,036,200 | ---- | C] () -- C:\Windows\System32\Auxiliary.dll
[2007.12.09 22:15:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\startup.exe
[2007.12.09 22:15:27 | 000,462,848 | ---- | C] () -- C:\Windows\System32\HookMap.dll
[2007.12.09 20:23:49 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2007.12.09 20:23:49 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.12.09 20:23:49 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2007.12.09 20:23:49 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2007.12.09 20:23:49 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2007.12.09 20:23:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.11.20 16:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 17:33:31 | 000,638,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,272,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.05.21 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\5015
[2011.05.23 06:49:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.02.20 20:41:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Bombermaaan
[2011.05.21 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.04 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.03.03 20:47:42 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.02 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.04 15:24:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.04 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.03 08:08:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.03 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Heuty
[2011.02.20 14:59:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2011.05.02 18:29:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Iwreob
[2011.05.04 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.07 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.04 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.03.24 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011.02.19 23:00:40 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ParentalControl
[2011.05.04 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.03.23 18:30:11 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony Setup
[2011.05.24 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SpeedSim
[2011.03.02 14:58:51 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2011.03.23 18:41:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Teleca
[2011.04.26 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
[2011.05.01 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vasago
[2011.04.26 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\xmldm
[2011.05.03 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\Error Fix Scan.job
[2011.05.25 14:28:49 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.25 14:26:59 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job
[2011.05.25 13:51:39 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job
[2011.05.25 14:25:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job
 
========== Purity Check ==========
 
 

< End of report >
         
[CODE]OTL Extras logfile created on: 25.05.2011 18:26:26 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 26,86% Memory free
4,24 Gb Paging File | 1,94 Gb Available in Paging File | 45,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 59,17 Gb Free Space | 50,79% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS

Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065E1C38-973B-420F-B300-BDE7042A66CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{153011C4-F9EB-4BF1-AEBB-27FB9BA2E179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{166FABF1-D78E-44B7-A59A-B1DFB57652EE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3DD9E3BA-BBE6-4022-AB7A-BF11F5A333FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59671036-B829-4941-A9E3-F7379DB24EB0}" = lport=6112 | protocol=17 | dir=in | name=warcraft hosten (udp) |
"{603119FC-035D-4A3A-9327-6807EC4345EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6F655981-E0B6-49CB-9EED-1541861992A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{74474826-2651-4A2C-97A1-92B0A325D5B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8ECFC677-3E3C-4DE5-9DBE-FFC1C658C195}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{A5A54654-BB71-4AEB-831F-7E0C6A3EE5C0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA24654D-64AE-4106-8141-753E04303CC4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AD3F7378-5448-477B-8039-67EA7A916894}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{ADB8B2A9-030F-4370-9AD3-9C1952FE31E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BF180437-BA42-47EA-86C4-E1034F2652C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1674B6F-19D8-46E7-B498-56D0B5AC4B01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C1B99E14-D1A6-441E-847E-22D821F81ABA}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{DCDF20B5-C6DC-4B06-9DCB-71E40B6C704A}" = lport=6112 | protocol=6 | dir=in | name=warcraft hosten (tcp) |
"{DEE52D1E-7AD8-4587-8797-A336A942CFD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DFB2FDC5-AC69-46D9-B918-C8D3C3D1C974}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4ED2BDD-F5F1-4448-86EF-22328182D7C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0AD1039-C922-48D5-A915-75A6627719C8}" = lport=teredo | protocol=17 | dir=in | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |
"{F4B94E0C-13A7-4238-ADE2-CFEA87226B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD234473-D514-4495-9D7E-DA93CD8571DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD9D77BE-C2C6-46A8-B921-44B7FF0CC0AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEBE93D1-C791-43D6-A149-03E12BAA9F98}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EA7C1D-C51B-4363-B127-4D11EF1F7CF2}" = protocol=41 | dir=out | app=system |
"{07857146-54F5-404C-B2AF-23E5F8B270FD}" = protocol=58 | dir=in | app=system |
"{0AE01A6B-3E5B-4186-B521-5E57A0908AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1516A6E8-5B15-4ADC-B6A7-AC141C8EB166}" = protocol=58 | dir=out | name=kernnetzwerk - routerankündigung (icmpv6 ausgehend) |
"{18398135-4B64-4406-B89A-6893889751F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19C5B54D-4E44-4D0F-A81B-8721687466C0}" = protocol=58 | dir=in | app=system |
"{2D881E67-AC89-4417-B94D-B1F12B22AEEA}" = protocol=58 | dir=in | app=system |
"{3056500B-E1AD-4B9F-9192-61A8C5A36D06}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"{3127CCFC-444D-4677-8BB6-3FCADB49CC9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31F7B4CC-315B-4771-90C5-2346508D32D1}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörabfrage (icmpv6 ausgehend) |
"{34975BFD-5193-4648-88B8-E11456940F7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35318073-168C-4CBA-9ACC-B5B5C2438A5B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{380053FD-4EC8-48C1-B580-87E0EA7C9CCD}" = protocol=6 | dir=in | app=c:\progfiles\itunes\itunes.exe |
"{4B50C50A-C5D8-4BB1-BF95-4FA8348197CA}" = protocol=1 | dir=in | app=system |
"{52C5FB71-3087-40A9-9258-02A001F6C752}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{539EE3FA-207C-4BA5-B539-F9F7695B6704}" = protocol=58 | dir=in | app=system |
"{5C96D9AE-02AC-4F75-8531-9BE55F67520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60231891-8EDF-4967-908D-0B19B961CF5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B0D204E-BE84-4507-BC7F-E9C0D60E0ACE}" = protocol=58 | dir=out | name=kernnetzwerk - zeitüberschreitung (icmpv6 ausgehend) |
"{6EB29043-E7B3-4627-95F5-862CEE5B892B}" = protocol=58 | dir=in | app=system |
"{72EE8667-87C0-4714-B93C-FA98BA3AF6F4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{790FFA2C-EBCD-4103-A7C1-3447363CEEAB}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht (icmpv6 ausgehend) |
"{7B6C17ED-459C-41E4-890B-7854F2B640B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E07FE11-8F48-4EC8-8ABF-5F96B4E9BC6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{847993E7-A11C-4B11-9DCA-C208A2650937}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"{857BDD0D-295F-4026-BEEF-2DD2A010222D}" = protocol=58 | dir=in | app=system |
"{8BA0DDA9-D3C0-4D15-A650-6213891173AB}" = protocol=17 | dir=in | app=c:\progfiles\itunes\itunes.exe |
"{8E493B07-5F47-48F6-AE90-5C7E3DB88CD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{921E215D-E43B-4C4C-8FD3-4A0B3B8481D1}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsanfrage (icmpv6 ausgehend) |
"{92D14525-95D6-4698-AD31-7ECFA02F7350}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht v2 (icmpv6 ausgehend) |
"{965E55CF-7ADF-495F-95A5-262731EDFCA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9B91B485-E126-4A8C-A06A-6EA661D9E790}" = protocol=41 | dir=in | app=system |
"{9C1649E5-F2C9-4A26-8FDD-1C1686D24D6B}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsankündigung (icmpv6 ausgehend) |
"{A6B366F9-F865-4036-AD89-BB5308496B7D}" = protocol=58 | dir=out | name=kernnetzwerk - routeranfrage (icmpv6 ausgehend) |
"{A9E45AAD-C3EB-46C3-B13F-618218A2B693}" = protocol=17 | dir=out | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |
"{AB2F0A65-7D60-4257-8191-CA9AEC3BF39F}" = protocol=6 | dir=out | app=system |
"{AE50CCDF-CE9B-49E5-A7EE-8234071B33B8}" = protocol=2 | dir=in | app=system |
"{AF3964B1-517D-43AD-B6E8-9869A17C1799}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{AF6942F8-3D04-470D-B417-A814BE9CF585}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörvorgang abgeschlossen (icmpv6 ausgehend) |
"{B17E2752-A463-4FF4-88D3-5BB5228E1C09}" = protocol=58 | dir=in | app=system |
"{BEDDA3A2-E64C-4CFD-9438-0763C8ECCCF5}" = protocol=58 | dir=in | app=system |
"{C151598C-C645-4AB0-A7BF-3943C343F230}" = protocol=58 | dir=in | app=system |
"{C46D1837-4E3D-4637-BFCD-B9FF14FC106A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D083D3B2-816D-43ED-A0AF-8577CE985BDD}" = protocol=2 | dir=out | app=system |
"{D67D5A69-C19C-4255-BFB3-398D2BEF48FA}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"{D9C8C3D5-E97B-4275-A216-267C11A87FB4}" = protocol=58 | dir=in | app=system |
"{E2982187-6155-4B4C-AD9D-556DB2CC8AE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E444E485-F907-4E74-876E-7F05871BAB07}" = protocol=58 | dir=in | app=system |
"{E68D854F-15AC-4168-89FC-B4D5B8CFDCD1}" = protocol=58 | dir=out | name=kernnetzwerk - parameterproblem (icmpv6 ausgehend) |
"{E8089052-4DA6-4B5F-9A62-293A4498981B}" = protocol=58 | dir=out | name=kernnetzwerk - paket zu gross (icmpv6 ausgehend) |
"{E97F0E39-5924-4C45-9DCB-E7A96F9C7533}" = protocol=58 | dir=in | app=system |
"{F38372D4-EF54-4052-B299-FF49CFA53380}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F3FCC74E-5FC4-48AD-BEF1-87402F2B2D79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FACAEB83-3312-4D9C-979D-241358EA7513}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"TCP Query User{040A77D4-C269-4FEC-9843-AE0918C9F810}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe |
"TCP Query User{0D1A2328-BB85-406B-B69A-21DCD2E563F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{22372A26-D688-4650-953E-FB0CBE63AD6F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe |
"TCP Query User{288018B9-20ED-4065-8190-340DAB7156C1}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe |
"TCP Query User{2D9EE5FD-7FAF-4D3D-A6FB-6BF3AF079657}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2E648958-69DD-4501-8A4E-0D9DCE0AF2F8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{2FE0DB96-0D88-4DE3-99C4-97245DF2D068}F:\callofduty4\iw3mp.exe" = protocol=6 | dir=in | app=f:\callofduty4\iw3mp.exe |
"TCP Query User{4518FABE-E6A7-4276-98A6-212B8B70330F}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe |
"TCP Query User{475C53F3-55E2-402E-AB30-70E9C7CD1C3F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe |
"TCP Query User{58D32D27-08C6-44E3-800F-358C6990D4B2}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe |
"TCP Query User{5A0DF772-B951-4485-906B-9AE926786D3F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{62F9BB5A-047F-45AB-9888-7227980F8F96}C:\progfiles\screamerradio\screamer.exe" = protocol=6 | dir=in | app=c:\progfiles\screamerradio\screamer.exe |
"TCP Query User{68A290FC-BF34-4278-BC2D-1F0543CAB416}C:\progfiles\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\progfiles\zattoo\zattood.exe |
"TCP Query User{6BEB8DDB-06FE-49DF-9D3B-A60123DC6F19}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{70972043-A089-4B7D-9CEB-02940A6501B9}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{740BAB1F-6D64-4B75-A0F0-2C0959463A21}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"TCP Query User{7CF46998-ED4B-44FE-BA2A-9DB7CE7E7919}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"TCP Query User{84E52A8F-7A12-4E26-A5A3-E94F139147A1}C:\progfiles\garena\garena.exe" = protocol=6 | dir=in | app=c:\progfiles\garena\garena.exe |
"TCP Query User{87862B45-EA94-4065-A0D2-D0814254A4B4}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe |
"TCP Query User{8B10CF85-D4DC-44A4-A5D8-EF6E6A8D09B1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8EB4347A-06C9-4FF2-9592-57C118DBD47E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{986C8BEC-9FAE-4AFE-9768-C9391CD2B4AB}C:\progfiles\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\progfiles\firefox\firefox.exe |
"TCP Query User{98A2A7F9-770B-4676-A924-FFF15EA432BE}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe |
"TCP Query User{99311A98-6A0C-419A-81E4-C68269C737EB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{B53B81CA-32F9-4D7C-9431-B17872382D31}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe |
"TCP Query User{BDF81878-22DF-4784-8B0D-063E84A4BB2B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe |
"TCP Query User{D7127690-B8D7-4BCB-BE91-B9777A037CBA}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{DDD2B434-CB82-48A1-AECC-E57EC3D967E8}C:\progfiles\icq6\icq.exe" = protocol=6 | dir=in | app=c:\progfiles\icq6\icq.exe |
"TCP Query User{E61D138D-11DC-4EF7-9B44-F68CF26866D4}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe |
"TCP Query User{E8B709B1-9ACC-49DE-9EAA-702937865120}F:\serios sam ii\bin\sam2.exe" = protocol=6 | dir=in | app=f:\serios sam ii\bin\sam2.exe |
"TCP Query User{E8EC0FD6-9538-4903-8B6A-0B62353E23F1}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"TCP Query User{E91CD75E-963F-43A5-B4E3-825044A163B8}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"TCP Query User{ED0BDEDC-B31B-4F37-BCC9-446AE8A1921B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe |
"TCP Query User{EDA64722-9CC6-41AA-A50D-A3D5DB7D2E84}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F2484FDC-7C5E-4351-A3F9-3012DDBA3C8E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{03E7B46B-31B0-436D-A1EE-DFD92363438E}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe |
"UDP Query User{0969CEB8-4C31-4381-95F0-7049E7E22BE3}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe |
"UDP Query User{10EC67F6-663D-47A2-A4D6-F5AFF2C10406}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{13544F0F-3A35-4B25-9F54-CA3ED7FFF3DC}C:\progfiles\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\progfiles\firefox\firefox.exe |
"UDP Query User{1935E1FF-9806-4C40-BBAD-29AE173F99B5}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe |
"UDP Query User{217316AA-80B0-4B6D-A694-4D03F611CE9C}C:\progfiles\screamerradio\screamer.exe" = protocol=17 | dir=in | app=c:\progfiles\screamerradio\screamer.exe |
"UDP Query User{2B3C385E-FBB8-4C6B-A3C9-C9808776DE65}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe |
"UDP Query User{315F4795-2594-4011-A831-281BADCCCD69}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{42C667E3-7F8D-4844-A3C8-100B870922E3}F:\serios sam ii\bin\sam2.exe" = protocol=17 | dir=in | app=f:\serios sam ii\bin\sam2.exe |
"UDP Query User{435FFE92-F275-40B0-BC64-6FE106BF4A2A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{46D5DB42-95CF-4125-AE0A-A61419396A55}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{5540E194-BF17-4517-BB89-88962D3EADC1}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"UDP Query User{5586E9DA-02D1-41CC-898D-ED60E72152B3}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{56F3ABFF-8D06-4332-B5AD-F85EA33E7E91}F:\callofduty4\iw3mp.exe" = protocol=17 | dir=in | app=f:\callofduty4\iw3mp.exe |
"UDP Query User{57F199C6-D85F-4715-A523-2A2069E2E38C}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe |
"UDP Query User{59C856D3-5AB1-4F10-90EF-D4EB41491BB4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{66575AE9-C0D4-454C-8157-FCB1129EB4BD}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"UDP Query User{6AC60CC6-AFC7-4E39-944C-BA11887C964D}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"UDP Query User{6D0260B9-6763-485A-A942-EC606691F259}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe |
"UDP Query User{6F78FF01-CA2C-4BE8-9B19-6B274198FEC5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{70904A82-EF0D-46D5-9628-BF11580D11E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{710C74B2-1A3C-46E0-A97D-240CAB43E0C1}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{85E1CFB1-B4AA-4ED5-9D14-F5CFF96B2B76}C:\progfiles\garena\garena.exe" = protocol=17 | dir=in | app=c:\progfiles\garena\garena.exe |
"UDP Query User{95428427-AFB4-4EE3-A146-6049A5A7E105}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9C18AEC0-4DA4-4F32-9019-B51D3B240235}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe |
"UDP Query User{9E22FA4F-0B9A-438C-8912-66BF20ACEEC2}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"UDP Query User{A1FA7043-06C2-4E10-AD02-9C99BD56FD8D}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe |
"UDP Query User{B6D23BB0-FC4C-4F83-A59E-EAA0B3331E00}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"UDP Query User{BADEBABF-AF1B-4478-B5AB-34D0EC5E04E0}C:\progfiles\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\progfiles\zattoo\zattood.exe |
"UDP Query User{C4405CDE-EF56-4DF8-A473-00952B53ACD5}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe |
"UDP Query User{D58B51BF-353D-4741-A9CD-B1EE0C087809}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe |
"UDP Query User{DA60D498-5BFB-4FAE-8A46-810771B87052}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{DE111D63-5C5B-4405-96CE-7DD7528E9CCC}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe |
"UDP Query User{F2F2DBF3-F3F1-4F89-B8CD-1A5332A2A027}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0192ED7A-0AF2-426B-AFDF-AD8506295C94}" = Error Fix
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{128A6D30-D64D-4923-8EA3-4A4C536E0A4C}" = Mega ePower 85 Software
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1" = Bombermaaan 1.4
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{ADC20BE6-8CA6-4989-B3E8-68EBD2AF1031}" = Nero 7 Essentials
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"Cossacks : Back To War" = Cossacks - Back To War
"Counter-Strike: Source" = Counter-Strike: Source
"DX-Ball 1.09" = DX-Ball 1.09
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33
"FreePDF_XP" = FreePDF XP (Remove only)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Red Alert" = Red Alert Windows 95
"Rohan_DE" = R.O.H.A.N. Vendetta
"SpeedSim" = SpeedSim
"SuperTux_is1" = SuperTux 0.1.3
"T4EPlayer" = T4E Player
"TmNationsForever_is1" = TmNationsForever
"UltraStar Deluxe" = UltraStar Deluxe
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 16.08.2009 18:00:19 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.08.2009 07:02:33 | Computer Name = MarcsPC | Source = ESENT | ID = 215
Description = WinMail (3060) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.

Error - 20.08.2009 07:04:30 | Computer Name = MarcsPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 16.04.2008 09:35:30 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.

Error - 18.04.2008 12:54:59 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.

Error - 18.04.2008 16:09:11 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.

[ System Events ]
Error - 25.05.2011 02:20:27 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description =

Error - 25.05.2011 07:51:55 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description =

Error - 25.05.2011 08:12:39 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 25.05.2011 08:12:39 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 25.05.2011 11:50:49 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7034
Description =

Error - 25.05.201

Old 26.05.2011, 21:11   #4
MasterDragon

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6674

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

25.05.2011 17:43:47
mbam-log-2011-05-25 (17-43-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 355900
Laufzeit: 1 Stunde(n), 5 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01} (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SwUpdate (Trojan.Agent) -> Value: SwUpdate -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Bad: (C:\PROGRA~2\\MACROM~1\SWFUPD~1\swfupdate.dll) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\macromedia\swfupdate\swfupdate.dll (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\K72RMM3K\users_root_file_file[1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
         
Unfortunately I have to post everything separately, otherwise I get a loading error, sorry.

Old 28.05.2011, 08:43   #5
kira
/// Helper Team

Step 5 is still missing: -> http://www.trojaner-board.de/99473-j...tml#post662613

__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Old 30.05.2011, 20:45   #6
MasterDragon

Yep, I don't know how I'm supposed to select all of them, or can that be done individually too?

Old 31.05.2011, 16:51   #7
kira
/// Helper Team

If necessary, split it across several posts, or better still, post only the detections.

Old 31.05.2011, 18:47   #8
MasterDragon

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Windows\Temp\639.tmp.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ab3f56e.qua' verschoben!

In der Datei 'C:\Windows\Temp\639.tmp.VIR'
wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Windows\Temp\639.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde nach '639.tmp.VIR' umbenannt!

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTFIOXXN\hudshpioitgw[1].html.VIR'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-3552' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a2af4f3.qua' verschoben!

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTFIOXXN\hudshpioitgw[1].html'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-3552' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde nach 'hudshpioitgw[1].html.VIR' umbenannt!

In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTFIOXXN\hudshpioitgw[1].html.VIR'
wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-3552' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\ProgramData\Macromedia\swfupdate\swfupdate.dll.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

In der Datei 'C:\ProgramData\Macromedia\swfupdate\swfupdate.dll.VIR'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'c:\ProgramData\Macromedia\swfupdate\swfupdate.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations> wurde erfolgreich entfernt.
Die Datei wurde nach 'swfupdate.dll.VIR' umbenannt!

In der Datei 'C:\Users\Alex\AppData\Roaming\appconf32.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b336482.qua' verschoben!

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR'
wurde ein Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Windows\Temp\E114.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4adcef9f.qua' verschoben!

In der Datei 'C:\Windows\Temp\E114.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\E114.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\E114.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Windows\Temp\BA9F.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4aa49a88.qua' verschoben!

In der Datei 'C:\Windows\Temp\BA9F.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\BA9F.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\BA9F.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\Temp\hnfx\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\Temp\hnfx\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\mrfx\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\mrfx\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\wpvm\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\pskx\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\Temp\yenr\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5ae3f6c8.VIR'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Stutter.AG' [virus].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5ae3f6c8'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Stutter.AG' [virus].
Durchgeführte Aktion(en):
Die Datei wurde nach 'c669a2-5ae3f6c8.VIR' umbenannt!

In der Datei 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5ae3f6c8.VIR'
wurde ein Virus oder unerwünschtes Programm 'JAVA/Stutter.AH' [virus] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan].
Durchgeführte Aktion(en):

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe'
wurde ein Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe'
wurde ein Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Thanks for the help.
I wanted to say that at the beginning but unfortunately forgot.
I have no idea whether that is a lot or not? But I hope these reports are not too bad.
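The Avira report above mixes two record types: Guard (on-access) events, where "Zugriff erlauben" means the file was allowed to run after the alert and "Zugriff verweigern" blocks one access attempt but removes nothing, and scan records that describe the remediation (rename to .VIR, then quarantine or delete). The Python below is an added example, neither Avira's code nor part of the post. It parses a subset of the records copied from the log above and answers the questions a responder asks first: which flagged files were still allowed to execute, which were alerted on but never quarantined or deleted, and which sit under C:\Windows\System32\config\systemprofile, the LocalSystem account's profile, meaning they were fetched by code running as SYSTEM rather than by the logged-on user.

```python
r"""Summarise Avira AntiVir (German UI) report records the way an analyst reads them.

Added example; not Avira's code and not part of the forum post. Handles the two
record shapes seen in the thread:

  In der Datei '<path>'
  wurde ein Virus oder unerwünschtes Programm '<name>' [<kind>] gefunden.
  Ausgeführte Aktion: Zugriff erlauben | Zugriff verweigern        (Guard event)

  Die Datei '<path>'
  enthielt einen Virus oder unerwünschtes Programm '<name>' [<kind>].
  Durchgeführte Aktion(en):
  <one or more remediation lines>                                  (scan record)
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: a subset of the records copied from the Avira log posted above.
AVIRA_LOG = r"""
In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe'
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Windows\Temp\639.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde nach '639.tmp.VIR' umbenannt!

Die Datei 'C:\Windows\Temp\639.tmp.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ab3f56e.qua' verschoben!

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTFIOXXN\hudshpioitgw[1].html.VIR'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-3552' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a2af4f3.qua' verschoben!

Die Datei 'c:\ProgramData\Macromedia\swfupdate\swfupdate.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations> wurde erfolgreich entfernt.
Die Datei wurde nach 'swfupdate.dll.VIR' umbenannt!

Die Datei 'C:\ProgramData\Macromedia\swfupdate\swfupdate.dll.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

In der Datei 'C:\Users\Alex\AppData\Roaming\appconf32.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b336482.qua' verschoben!

In der Datei 'C:\Windows\Temp\hnfx\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5ae3f6c8.VIR'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Stutter.AG' [virus].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

Die Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR'
enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan].
Durchgeführte Aktion(en):

Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe'
wurde ein Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben
"""

GUARD_RE = re.compile(
    r"In der Datei '(?P<path>[^']+)'\s+wurde ein Virus oder unerwünschtes Programm "
    r"'(?P<name>[^']+)' \[(?P<kind>[^\]]+)\] gefunden\.\s+Ausgeführte Aktion: (?P<action>.+)",
    re.S,
)
SCAN_RE = re.compile(
    r"Die Datei '(?P<path>[^']+)'\s+enthielt einen Virus oder unerwünschtes Programm "
    r"'(?P<name>[^']+)' \[(?P<kind>[^\]]+)\]\.\s+Durchgeführte Aktion\(en\):\s*(?P<action>.*)",
    re.S,
)


@dataclass(frozen=True)
class Event:
    path: str        # path exactly as Avira printed it
    name: str        # detection name, e.g. 'TR/Jorik.SpyEyes.mu'
    kind: str        # Avira's bracketed class: trojan, virus, exploit, heuristic
    action: str      # Guard verdict or the remediation text (may be empty)
    on_access: bool  # True for Guard (real-time) events, False for scan records


def parse_avira(text: str) -> list[Event]:
    """Split the report into blank-line-separated records and parse each one."""
    events = []
    for record in re.split(r"\n\s*\n", text.strip()):
        if m := GUARD_RE.match(record):
            events.append(Event(m["path"], m["name"], m["kind"], m["action"].strip(), True))
        elif m := SCAN_RE.match(record):
            events.append(Event(m["path"], m["name"], m["kind"], m["action"].strip(), False))
    return events


def canonical(path: str) -> str:
    """Windows paths are case-insensitive, and Avira renames a hit to <name>.VIR
    before quarantining or deleting it; fold both so one file yields one record."""
    p = path.lower()
    return p[:-4] if p.endswith(".vir") else p


def summarise(text: str) -> dict:
    events = parse_avira(text)
    files = defaultdict(lambda: {"names": set(), "allowed": 0, "denied": 0, "remediated": False})
    for e in events:
        rec = files[canonical(e.path)]
        rec["names"].add(e.name)
        if e.on_access:
            rec["allowed" if "erlauben" in e.action else "denied"] += 1
        elif "Quarantäne" in e.action or "gelöscht" in e.action:
            rec["remediated"] = True  # a rename to .VIR on its own removes nothing
    return {
        "files": len(files),
        "ran_despite_alert": sorted(p for p, r in files.items() if r["allowed"]),
        "not_remediated": sorted(p for p, r in files.items() if not r["remediated"]),
        "system_account_profile": sorted(p for p in files if "\\config\\systemprofile\\" in p),
        "exploits": sorted({e.name for e in events if e.kind == "exploit"}),
    }


if __name__ == "__main__":
    for key, value in summarise(AVIRA_LOG).items():
        print(f"{key}: {value}")
```

Run as-is it prints the summary for the embedded records; feed `summarise` the text of a complete Avira report to triage the whole log from the post. Files that show up under "not_remediated" still exist on disk and need a follow-up, whatever the scanner's counters say.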

Old 31.05.2011, 20:53   #9
kira
/// Helper Team

1.
Do these look familiar to you? Where do the following "file names" come from? From the game, perhaps?
Code:
[2011.05.04 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.04 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.05.04 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.03 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.03 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.02 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.02 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Iwreob
[2011.05.01 13:34:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Vasago
[2011.05.01 03:15:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Heuty
[2011.05.01 03:15:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.05.23 06:49:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.02.20 20:41:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Bombermaaan
[2011.05.21 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.04 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.05.07 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.04 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.03.23 18:41:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Teleca
[2011.04.26 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
         
2.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
[2011.05.12 06:42:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com
[2011.04.25 11:12:06 | 000,000,136 | ---- | C] () -- C:\ProgramData\~41672456r
[2011.04.25 11:12:06 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41672456
[2011.04.25 11:11:53 | 000,000,400 | ---- | C] () -- C:\ProgramData\41672456
[2011.04.25 11:05:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~41017096r
[2011.04.25 11:05:41 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41017096
[2011.04.25 11:05:22 | 000,000,400 | ---- | C] () -- C:\ProgramData\41017096

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here in code tags.

3.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and extra.txt
  • Post the log files in code tags here in the thread.

4.
GMER: runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It is NOT advisable to start a second attempt!
To get a deeper look into your system and track down a possible rootkit infection (info: wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; antivirus and other protection programs must also be deactivated, no connection to the Internet, disconnect WLAN as well
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan has finished, click "Copy" (the log is copied to the clipboard automatically) and paste it right away with CTRL + V
    - GMER is closed with "OK".
    - paste the complete log from the clipboard here into your thread

** no connection to a network or the Internet; don't forget WLAN
When the scan has finished, please reactivate all programs and tools!
Guide:-> GMER - Rootkit Scanner

5.
Check with MBR -t whether the Master Boot Record is intact (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, apply these settings in the folder options.
  • Start => Run => type cmd => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type the following
    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.

    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open showing the file C:\mbr.log.
    Please copy its contents here into your thread.
__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice in different places!
Please pass this warning on wherever you can!
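The fix in step 2 is built by pasting flagged OTL log lines under :OTL and closing with :Commands. The script below is an added example for this thread, not OTL's code and not part of the helper's instructions: it parses OTL file entries and O4 autostart entries, applies two triage heuristics, and emits a fix script in the same layout. The TRUSTED_VENDORS set and both heuristics are assumptions chosen for illustration, not OTL's own company whitelist. The sample lines are copied from the OTL log posted in this thread, with the NvCpl and OpenOffice lines kept as benign controls.

```python
"""Triage OTL log lines and turn the hits into an OTL fix script.

Added example for this thread (not OTL's code and not the helper's
instructions).  The vendor allowlist and the two heuristics below are
assumptions chosen for illustration, not OTL's own whitelist rules.
"""
import re
from typing import List, Optional, Tuple

# File/folder entries:  [date time | size | attrs | C/M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Autostart entries:  O4 - HKLM..\Run: [ValueName] target (Company)  /  O4 - Startup: target (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<loc>HKLM\.\.\\Run|HKCU\.\.\\Run|Startup): "
    r"(?:\[(?P<name>[^\]]+)\] )?(?P<target>.+) \((?P<company>[^)]*)\)$"
)

# Assumed allowlist for this example: vendors whose autostarts are not questioned.
TRUSTED_VENDORS = {
    "Microsoft Corporation", "NVIDIA Corporation", "Avira GmbH", "Nero AG",
    "Adobe Systems Incorporated", "Sun Microsystems, Inc.",
}
EXEC_EXT = (".dll", ".exe")


def _norm(path: str) -> str:
    return path.lower().replace("/", "\\")


def _in_profile(path: str) -> bool:
    return _norm(path).startswith("c:\\users\\")


def _at_profile_or_roaming_root(path: str) -> bool:
    """True for C:\\Users\\<u>\\<file> and C:\\Users\\<u>\\AppData\\Roaming\\<file>."""
    return re.match(r"^c:\\users\\[^\\]+\\(appdata\\roaming\\)?[^\\]+$", _norm(path)) is not None


def triage_run(line: str) -> Optional[List[str]]:
    """Heuristic 1: autostarts from unlisted vendors that load a DLL or live in a profile."""
    m = RUN_RE.match(line)
    if not m:
        return None
    target = m["target"].split(" = ")[-1]   # Startup .lnk lines read "shortcut = target"
    reasons = []
    if m["company"] not in TRUSTED_VENDORS:
        if target.lower().endswith(".dll"):
            reasons.append("autostart loads a DLL from an unlisted vendor")
        if _in_profile(target):
            reasons.append("autostart target lives inside a user profile")
    return reasons


def triage_file(line: str) -> Optional[List[str]]:
    """Heuristic 2: executables dropped at the top of a profile or of AppData\\Roaming."""
    m = FILE_RE.match(line)
    if not m:
        return None
    path = m["path"]
    if "D" not in m["attrs"] and path.lower().endswith(EXEC_EXT) and _at_profile_or_roaming_root(path):
        return ["executable dropped at the top of a user profile or Roaming folder"]
    return []


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every log line that tripped a heuristic."""
    hits = []
    for raw in lines:
        line = raw.rstrip()
        for check in (triage_run, triage_file):
            reasons = check(line)
            if reasons:
                hits.append((line, reasons))
                break
    return hits


def build_fix_script(hits) -> str:
    """Emit a fix in the layout used in this thread: hit lines under :OTL, then :Commands."""
    body = "\n".join(line for line, _ in hits)
    return ":OTL\n" + body + "\n\n:Commands\n[purity]\n[emptytemp]\n"


# Sample input: lines copied from the OTL log posted in this thread, plus the
# NvCpl and OpenOffice lines as benign controls.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)",
    r"O4 - HKLM..\Run: [NvCplDaemonTool] C:\Windows\System32\hloads57.dll (Comp)",
    r"O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Alex\hloads57.dll (Comp)",
    r"O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\quickstart.exe ()",
    r"O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskk39.dll (Comp)",
    r"[2011.05.21 14:29:02 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll",
    r"[2011.05.24 16:03:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2011.05.31 06:29:56 | 711,189,938 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe",
    r"[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Bive",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
    print(build_fix_script(triage(SAMPLE_LOG)))
```

Review every hit before it goes into a fix. The heuristics catch the bare DLLs in the Run keys and the Startup folder and the DLL dropped at the top of AppData\Roaming, but they say nothing about the random-named Roaming directories, which need a look at their contents rather than a pattern match, and a vendor string such as "Comp" or a genuine-looking "Adobe Systems, Incorporated" is copied from the file's version resource, so it proves nothing by itself.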

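Step 5 asks mbr.exe to judge whether the Master Boot Record is intact. As an added example that is not GMER's code and does not reproduce what mbr.exe does internally, the following parses a raw 512-byte MBR sector and performs the checks a practitioner would otherwise do by hand: the 0x55AA signature, a hash of the bootstrap code against a trusted reference copy, and partition-table consistency (status bytes, at most one bootable entry, no overlapping partitions). The sectors, the reference hash and the "tampered" variant are constructed here; the bootstrap bytes are a stand-in, not real boot code, and the partition sizes are only roughly modelled on the C: and E: drives in the log.

```python
"""Check a raw 512-byte master boot record for tampering.

Added example for this thread; it is not GMER's mbr.exe and does not
reproduce that tool's method.  The sectors, the reference hash and the
'tampered' variant below are constructed for the demonstration.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
TABLE_OFF = 446           # 446 bytes bootstrap, then 4 x 16-byte entries, then 0x55AA


def parse_partitions(mbr: bytes) -> List[Dict[str, int]]:
    parts = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        parts.append({"index": i, "status": status, "type": ptype, "lba": lba, "count": count})
    return parts


def check_mbr(mbr: bytes, reference_bootcode_sha256: str) -> List[str]:
    """Return a list of findings; an empty list means the sector passed every check."""
    if len(mbr) != SECTOR:
        return ["sector is not 512 bytes"]
    findings = []
    if mbr[510:512] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    # Bootkits replace the bootstrap and keep the table, so the code hash is the key check.
    if hashlib.sha256(mbr[:TABLE_OFF]).hexdigest() != reference_bootcode_sha256:
        findings.append("bootstrap code differs from the trusted reference copy")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["type"] != 0 and p["count"] == 0:
            findings.append(f"partition {p['index']}: type set but zero length")
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one partition flagged bootable")
    used = sorted((p for p in parts if p["type"] != 0), key=lambda p: p["lba"])
    for a, b in zip(used, used[1:]):
        if a["lba"] + a["count"] > b["lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_mbr(bootcode: bytes, entries) -> bytes:
    """Assemble a sector from bootstrap bytes and (status, type, lba, count) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, s, b"\0\0\0", t, b"\0\0\0", lba, cnt)
                     for s, t, lba, cnt in entries)
    return bootcode.ljust(TABLE_OFF, b"\0") + table.ljust(64, b"\0") + b"\x55\xAA"


# Constructed data: a stand-in bootstrap (not real boot code) and a table sized
# roughly like the C: and E: drives in the log.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 120
LAYOUT = [(0x80, 0x07, 2048, 244318208), (0x00, 0x07, 244320256, 143360000)]
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, LAYOUT)
# In practice this hash comes from a known-good copy (install media or a clean backup).
REFERENCE_SHA256 = hashlib.sha256(CLEAN_MBR[:TABLE_OFF]).hexdigest()

# Bootkit-style tampering: bootstrap replaced, partition table left intact so the
# system still boots normally and nothing looks wrong from inside Windows.
TAMPERED_MBR = build_mbr(b"\xe9\x00\x10" + b"\x00" * 60, LAYOUT)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, REFERENCE_SHA256) or "OK")
```

On a live Windows system the sector can be read from an elevated prompt with `open(r"\\.\PhysicalDrive0", "rb").read(512)`, but a bootkit that hooks the disk driver stack can hand a clean copy back to exactly that kind of read, which is why the helper asks for a dedicated tool rather than a plain read. The hash comparison only works with a reference taken from a trusted source, never from the same possibly infected machine.
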
Alt 01.06.2011, 16:53   #10
MasterDragon
 
Java-Virus JAVA/Stutter.AG und Java-Virus JAVA/Stutter.AH

Yes, they are games.
I'm playing a lot at the moment.
2.
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com folder moved successfully.
C:\ProgramData\~41672456r moved successfully.
C:\ProgramData\~41672456 moved successfully.
C:\ProgramData\41672456 moved successfully.
C:\ProgramData\~41017096r moved successfully.
C:\ProgramData\~41017096 moved successfully.
C:\ProgramData\41017096 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alex
->Temp folder emptied: 13489205 bytes
->Temporary Internet Files folder emptied: 31564690 bytes
->Java cache emptied: 4646599 bytes
->FireFox cache emptied: 134039115 bytes
->Flash cache emptied: 1840247 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 49660 bytes
->Temporary Internet Files folder emptied: 30678207 bytes
->Flash cache emptied: 698 bytes
 
User: Marc
 
User: Public
 
User: Walter
->Temp folder emptied: 4043038 bytes
->Temporary Internet Files folder emptied: 36839076 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33377807 bytes
->Flash cache emptied: 4434 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 2032679617 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71595368 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 24590 bytes
RecycleBin emptied: 39543 bytes
 
Total Files Cleaned = 2.284,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06012011_151811

Files\Folders moved on Reboot...
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJ7M36V9\search[5].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJ7M36V9\search[6].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJ7M36V9\search[9].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\search[4].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\search[6].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\search[7].txt moved successfully.
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\seller[1].txt not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8DUF76L\search[4].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8DUF76L\search[8].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8DUF76L\search[9].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06VK2VYG\search[2].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06VK2VYG\search[3].txt moved successfully.

Registry entries deleted on Reboot...
         
Code:
ATTFilter
OTL logfile created on: 01.06.2011 16:29:05 - Run 5
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,79% Memory free
4,24 Gb Paging File | 2,85 Gb Available in Paging File | 67,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 57,66 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
 
Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex\Downloads\OTL(4).exe (OldTimer Tools)
PRC - C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Progfiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex\Downloads\OTL(4).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gusvc) --  File not found
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_8832f4b.dll ()
SRV - (AntiVirSchedulerService) -- C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva385) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Progfiles\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (PLCNDIS5) -- C:\Windows\System32\PLCNDIS5.SYS (Intellon, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goggle.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:3128
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..network.proxy.share_proxy_settings: true
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Windows\system32\config\systemprofile\AppData\Roaming\5015 [2011.05.01 14:14:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 19:01:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.02.20 14:37:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.06.01 15:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.12 06:42:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.28 09:48:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.15 19:03:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\support@lastpass.com
[2011.05.16 06:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.05.21 14:29:02 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ALEX\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DI26CSR.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\progfiles\Adobe\Reader8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemonTool] C:\Windows\System32\hloads57.dll (Comp)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\ProgFiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Alex\hloads57.dll (Comp)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskk39.dll (Comp)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskzc80.dll (Comp)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 67108800
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.01 15:18:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.31 13:54:08 | 000,000,000 | ---D | C] -- C:\xmldm
[2011.05.31 06:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\alaplaya
[2011.05.31 06:38:02 | 000,000,000 | ---D | C] -- C:\Programme\alaplaya
[2011.05.31 06:29:56 | 711,189,938 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe
[2011.05.28 09:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DVDVideoSoft
[2011.05.28 09:47:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo
[2011.05.28 09:47:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.05.28 09:46:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011.05.25 14:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011.05.24 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011.05.24 16:03:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.24 16:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.05.24 16:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.24 16:03:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.24 16:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.24 15:58:33 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.23 15:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Downloaded Installers
[2011.05.21 14:29:02 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 19:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CCleaner
[2011.05.20 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.16 21:16:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Counter-Strike Source
[2011.05.07 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TECHNO4EVER Player
[2011.05.07 13:23:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.07 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.05 17:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Counter-Strike Source
[2011.05.04 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.04 15:16:28 | 000,000,000 | ---D | C] -- C:\2011838ae5cda6dd97
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.04 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.05.04 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.03 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.03 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.02 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.02 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Iwreob
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.01 16:30:58 | 000,000,889 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.06.01 16:30:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job
[2011.06.01 16:27:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job
[2011.06.01 16:12:14 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.01 16:12:14 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.01 16:12:14 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.01 16:12:14 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.01 15:23:46 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 15:23:46 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 15:23:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.01 13:53:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job
[2011.05.31 19:33:28 | 174,373,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.31 13:47:12 | 000,001,326 | RHS- | M] () -- C:\Users\Alex\ntuser.pol
[2011.05.31 06:42:40 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011.05.31 06:37:20 | 711,189,938 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe
[2011.05.28 09:48:14 | 000,001,032 | ---- | M] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.25 20:19:52 | 000,137,542 | ---- | M] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf
[2011.05.25 17:49:47 | 000,030,259 | ---- | M] () -- C:\Users\Alex\Desktop\hjtscanlist.bat
[2011.05.25 16:33:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.24 15:58:33 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 17:57:23 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | M] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | M] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 14:05:53 | 000,001,280 | ---- | M] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | M] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.21 14:29:02 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 16:04:36 | 000,000,962 | ---- | M] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.16 21:16:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.16 06:50:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:22 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.14 08:47:32 | 2926,603,649 | ---- | M] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:37 | 000,000,210 | ---- | M] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 15:11:01 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.09 07:13:02 | 000,000,680 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | M] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | M] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.31 06:42:40 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011.05.28 09:48:14 | 000,001,032 | ---- | C] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.25 20:19:52 | 000,137,542 | ---- | C] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf
[2011.05.25 20:16:58 | 000,000,889 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.05.24 16:03:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 17:57:22 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | C] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | C] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 16:01:48 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 14:05:53 | 000,001,280 | ---- | C] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | C] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.15 19:45:18 | 000,000,962 | ---- | C] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.15 19:01:22 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.14 08:15:34 | 2926,603,649 | ---- | C] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:36 | 000,000,210 | ---- | C] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 07:13:02 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | C] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | C] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[2011.04.26 13:31:37 | 000,000,112 | ---- | C] () -- C:\ProgramData\56iE4qch.dat
[2011.03.27 15:22:11 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011.03.24 20:04:02 | 000,065,040 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.02.28 19:04:27 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.02.19 23:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\msicpl.ini
[2009.08.02 16:29:26 | 000,000,276 | ---- | C] () -- C:\Windows\thug2.ini
[2009.05.27 17:05:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 17:05:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.12.28 04:59:54 | 000,138,608 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.12.28 04:59:37 | 000,189,800 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.12.28 04:59:35 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.12.28 04:59:34 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2008.12.21 13:51:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.11.21 20:30:29 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2008.11.02 22:46:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.02 22:46:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.02 22:17:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.11.02 22:14:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.09.10 17:25:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.09.02 17:04:44 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.09.02 17:04:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.08.07 11:52:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.11 17:24:03 | 000,399,736 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.04.10 17:28:40 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.04.02 15:52:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.18 18:53:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.03.17 17:05:08 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.27 10:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2008.01.04 13:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.23 12:00:36 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2007.12.23 11:50:55 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007.12.16 15:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.12.09 22:15:31 | 000,479,232 | ---- | C] () -- C:\Windows\System32\HookShield.dll
[2007.12.09 22:15:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\executeosd.exe
[2007.12.09 22:15:30 | 000,134,504 | ---- | C] () -- C:\Windows\System32\smdll.dll
[2007.12.09 22:15:30 | 000,036,200 | ---- | C] () -- C:\Windows\System32\Auxiliary.dll
[2007.12.09 22:15:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\startup.exe
[2007.12.09 22:15:27 | 000,462,848 | ---- | C] () -- C:\Windows\System32\HookMap.dll
[2007.12.09 20:23:49 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2007.12.09 20:23:49 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.12.09 20:23:49 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2007.12.09 20:23:49 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2007.12.09 20:23:49 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2007.12.09 20:23:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.11.20 16:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 17:33:31 | 000,638,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,272,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.05.21 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\5015
[2011.05.23 06:49:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.02.20 20:41:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Bombermaaan
[2011.05.21 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.04 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.05.28 09:47:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.05.28 09:48:21 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.02 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.04 15:24:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.04 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.03 08:08:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.03 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Heuty
[2011.02.20 14:59:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2011.05.02 18:29:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Iwreob
[2011.05.04 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.07 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.04 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.03.24 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011.02.19 23:00:40 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ParentalControl
[2011.05.04 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.03.23 18:30:11 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony Setup
[2011.05.24 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SpeedSim
[2011.03.02 14:58:51 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2011.03.23 18:41:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Teleca
[2011.04.26 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
[2011.05.01 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vasago
[2011.04.26 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\xmldm
[2011.05.03 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\Error Fix Scan.job
[2011.06.01 16:05:34 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.01 16:27:00 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job
[2011.06.01 13:53:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job
[2011.06.01 16:30:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job
 
========== Purity Check ==========
 
 

< End of report >
2a.
Code:
OTL Extras logfile created on: 01.06.2011 16:29:05 - Run 5
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,79% Memory free
4,24 Gb Paging File | 2,85 Gb Available in Paging File | 67,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 57,66 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
 
Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065E1C38-973B-420F-B300-BDE7042A66CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{153011C4-F9EB-4BF1-AEBB-27FB9BA2E179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C297379-69C0-4544-8D28-F70BFF12CE9E}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3DD9E3BA-BBE6-4022-AB7A-BF11F5A333FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59671036-B829-4941-A9E3-F7379DB24EB0}" = lport=6112 | protocol=17 | dir=in | name=warcraft hosten (udp) | 
"{603119FC-035D-4A3A-9327-6807EC4345EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6F655981-E0B6-49CB-9EED-1541861992A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{74474826-2651-4A2C-97A1-92B0A325D5B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8ECFC677-3E3C-4DE5-9DBE-FFC1C658C195}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe | 
"{A5A54654-BB71-4AEB-831F-7E0C6A3EE5C0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AA24654D-64AE-4106-8141-753E04303CC4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AD3F7378-5448-477B-8039-67EA7A916894}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{ADB8B2A9-030F-4370-9AD3-9C1952FE31E0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF180437-BA42-47EA-86C4-E1034F2652C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C1674B6F-19D8-46E7-B498-56D0B5AC4B01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C4B28741-7742-42AC-AA0C-DD1B555B8859}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{DCDF20B5-C6DC-4B06-9DCB-71E40B6C704A}" = lport=6112 | protocol=6 | dir=in | name=warcraft hosten (tcp) | 
"{DEE52D1E-7AD8-4587-8797-A336A942CFD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DFB2FDC5-AC69-46D9-B918-C8D3C3D1C974}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4ED2BDD-F5F1-4448-86EF-22328182D7C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F0AD1039-C922-48D5-A915-75A6627719C8}" = lport=teredo | protocol=17 | dir=in | svc=iphlpsvc | app=c:\windows\system32\svchost.exe | 
"{F4B94E0C-13A7-4238-ADE2-CFEA87226B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD234473-D514-4495-9D7E-DA93CD8571DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD9D77BE-C2C6-46A8-B921-44B7FF0CC0AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FEBE93D1-C791-43D6-A149-03E12BAA9F98}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EA7C1D-C51B-4363-B127-4D11EF1F7CF2}" = protocol=41 | dir=out | app=system | 
"{07857146-54F5-404C-B2AF-23E5F8B270FD}" = protocol=58 | dir=in | app=system | 
"{0AE01A6B-3E5B-4186-B521-5E57A0908AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1516A6E8-5B15-4ADC-B6A7-AC141C8EB166}" = protocol=58 | dir=out | name=kernnetzwerk - routerankündigung (icmpv6 ausgehend) | 
"{18398135-4B64-4406-B89A-6893889751F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19C5B54D-4E44-4D0F-A81B-8721687466C0}" = protocol=58 | dir=in | app=system | 
"{2D881E67-AC89-4417-B94D-B1F12B22AEEA}" = protocol=58 | dir=in | app=system | 
"{3056500B-E1AD-4B9F-9192-61A8C5A36D06}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"{3127CCFC-444D-4677-8BB6-3FCADB49CC9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31F7B4CC-315B-4771-90C5-2346508D32D1}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörabfrage (icmpv6 ausgehend) | 
"{34975BFD-5193-4648-88B8-E11456940F7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35318073-168C-4CBA-9ACC-B5B5C2438A5B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{380053FD-4EC8-48C1-B580-87E0EA7C9CCD}" = protocol=6 | dir=in | app=c:\progfiles\itunes\itunes.exe | 
"{4B50C50A-C5D8-4BB1-BF95-4FA8348197CA}" = protocol=1 | dir=in | app=system | 
"{52C5FB71-3087-40A9-9258-02A001F6C752}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{539EE3FA-207C-4BA5-B539-F9F7695B6704}" = protocol=58 | dir=in | app=system | 
"{5C96D9AE-02AC-4F75-8531-9BE55F67520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60231891-8EDF-4967-908D-0B19B961CF5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B0D204E-BE84-4507-BC7F-E9C0D60E0ACE}" = protocol=58 | dir=out | name=kernnetzwerk - zeitüberschreitung (icmpv6 ausgehend) | 
"{6EB29043-E7B3-4627-95F5-862CEE5B892B}" = protocol=58 | dir=in | app=system | 
"{72EE8667-87C0-4714-B93C-FA98BA3AF6F4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{790FFA2C-EBCD-4103-A7C1-3447363CEEAB}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht (icmpv6 ausgehend) | 
"{7B6C17ED-459C-41E4-890B-7854F2B640B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E07FE11-8F48-4EC8-8ABF-5F96B4E9BC6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{847993E7-A11C-4B11-9DCA-C208A2650937}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"{857BDD0D-295F-4026-BEEF-2DD2A010222D}" = protocol=58 | dir=in | app=system | 
"{8BA0DDA9-D3C0-4D15-A650-6213891173AB}" = protocol=17 | dir=in | app=c:\progfiles\itunes\itunes.exe | 
"{8E493B07-5F47-48F6-AE90-5C7E3DB88CD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{921E215D-E43B-4C4C-8FD3-4A0B3B8481D1}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsanfrage (icmpv6 ausgehend) | 
"{92D14525-95D6-4698-AD31-7ECFA02F7350}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht v2 (icmpv6 ausgehend) | 
"{965E55CF-7ADF-495F-95A5-262731EDFCA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9B91B485-E126-4A8C-A06A-6EA661D9E790}" = protocol=41 | dir=in | app=system | 
"{9C1649E5-F2C9-4A26-8FDD-1C1686D24D6B}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsankündigung (icmpv6 ausgehend) | 
"{A6B366F9-F865-4036-AD89-BB5308496B7D}" = protocol=58 | dir=out | name=kernnetzwerk - routeranfrage (icmpv6 ausgehend) | 
"{A9E45AAD-C3EB-46C3-B13F-618218A2B693}" = protocol=17 | dir=out | svc=iphlpsvc | app=c:\windows\system32\svchost.exe | 
"{AB2F0A65-7D60-4257-8191-CA9AEC3BF39F}" = protocol=6 | dir=out | app=system | 
"{AE50CCDF-CE9B-49E5-A7EE-8234071B33B8}" = protocol=2 | dir=in | app=system | 
"{AF3964B1-517D-43AD-B6E8-9869A17C1799}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{AF6942F8-3D04-470D-B417-A814BE9CF585}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörvorgang abgeschlossen (icmpv6 ausgehend) | 
"{B17E2752-A463-4FF4-88D3-5BB5228E1C09}" = protocol=58 | dir=in | app=system | 
"{BEDDA3A2-E64C-4CFD-9438-0763C8ECCCF5}" = protocol=58 | dir=in | app=system | 
"{C151598C-C645-4AB0-A7BF-3943C343F230}" = protocol=58 | dir=in | app=system | 
"{C46D1837-4E3D-4637-BFCD-B9FF14FC106A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D083D3B2-816D-43ED-A0AF-8577CE985BDD}" = protocol=2 | dir=out | app=system | 
"{D67D5A69-C19C-4255-BFB3-398D2BEF48FA}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"{D9C8C3D5-E97B-4275-A216-267C11A87FB4}" = protocol=58 | dir=in | app=system | 
"{E2982187-6155-4B4C-AD9D-556DB2CC8AE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E444E485-F907-4E74-876E-7F05871BAB07}" = protocol=58 | dir=in | app=system | 
"{E68D854F-15AC-4168-89FC-B4D5B8CFDCD1}" = protocol=58 | dir=out | name=kernnetzwerk - parameterproblem (icmpv6 ausgehend) | 
"{E8089052-4DA6-4B5F-9A62-293A4498981B}" = protocol=58 | dir=out | name=kernnetzwerk - paket zu gross (icmpv6 ausgehend) | 
"{E97F0E39-5924-4C45-9DCB-E7A96F9C7533}" = protocol=58 | dir=in | app=system | 
"{F38372D4-EF54-4052-B299-FF49CFA53380}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F3FCC74E-5FC4-48AD-BEF1-87402F2B2D79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FACAEB83-3312-4D9C-979D-241358EA7513}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"TCP Query User{040A77D4-C269-4FEC-9843-AE0918C9F810}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe | 
"TCP Query User{0D1A2328-BB85-406B-B69A-21DCD2E563F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{22372A26-D688-4650-953E-FB0CBE63AD6F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe | 
"TCP Query User{288018B9-20ED-4065-8190-340DAB7156C1}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe | 
"TCP Query User{2D9EE5FD-7FAF-4D3D-A6FB-6BF3AF079657}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{2E648958-69DD-4501-8A4E-0D9DCE0AF2F8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{2FE0DB96-0D88-4DE3-99C4-97245DF2D068}F:\callofduty4\iw3mp.exe" = protocol=6 | dir=in | app=f:\callofduty4\iw3mp.exe | 
"TCP Query User{4518FABE-E6A7-4276-98A6-212B8B70330F}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"TCP Query User{475C53F3-55E2-402E-AB30-70E9C7CD1C3F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe | 
"TCP Query User{58D32D27-08C6-44E3-800F-358C6990D4B2}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"TCP Query User{5A0DF772-B951-4485-906B-9AE926786D3F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{62F9BB5A-047F-45AB-9888-7227980F8F96}C:\progfiles\screamerradio\screamer.exe" = protocol=6 | dir=in | app=c:\progfiles\screamerradio\screamer.exe | 
"TCP Query User{68A290FC-BF34-4278-BC2D-1F0543CAB416}C:\progfiles\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\progfiles\zattoo\zattood.exe | 
"TCP Query User{6BEB8DDB-06FE-49DF-9D3B-A60123DC6F19}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{70972043-A089-4B7D-9CEB-02940A6501B9}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{740BAB1F-6D64-4B75-A0F0-2C0959463A21}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"TCP Query User{7CF46998-ED4B-44FE-BA2A-9DB7CE7E7919}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"TCP Query User{84E52A8F-7A12-4E26-A5A3-E94F139147A1}C:\progfiles\garena\garena.exe" = protocol=6 | dir=in | app=c:\progfiles\garena\garena.exe | 
"TCP Query User{87862B45-EA94-4065-A0D2-D0814254A4B4}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe | 
"TCP Query User{8B10CF85-D4DC-44A4-A5D8-EF6E6A8D09B1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8EB4347A-06C9-4FF2-9592-57C118DBD47E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{986C8BEC-9FAE-4AFE-9768-C9391CD2B4AB}C:\progfiles\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\progfiles\firefox\firefox.exe | 
"TCP Query User{98A2A7F9-770B-4676-A924-FFF15EA432BE}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe | 
"TCP Query User{99311A98-6A0C-419A-81E4-C68269C737EB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{B53B81CA-32F9-4D7C-9431-B17872382D31}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe | 
"TCP Query User{BDF81878-22DF-4784-8B0D-063E84A4BB2B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"TCP Query User{D7127690-B8D7-4BCB-BE91-B9777A037CBA}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | 
"TCP Query User{DDD2B434-CB82-48A1-AECC-E57EC3D967E8}C:\progfiles\icq6\icq.exe" = protocol=6 | dir=in | app=c:\progfiles\icq6\icq.exe | 
"TCP Query User{E61D138D-11DC-4EF7-9B44-F68CF26866D4}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe | 
"TCP Query User{E8B709B1-9ACC-49DE-9EAA-702937865120}F:\serios sam ii\bin\sam2.exe" = protocol=6 | dir=in | app=f:\serios sam ii\bin\sam2.exe | 
"TCP Query User{E8EC0FD6-9538-4903-8B6A-0B62353E23F1}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"TCP Query User{E91CD75E-963F-43A5-B4E3-825044A163B8}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"TCP Query User{ED0BDEDC-B31B-4F37-BCC9-446AE8A1921B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"TCP Query User{EDA64722-9CC6-41AA-A50D-A3D5DB7D2E84}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F2484FDC-7C5E-4351-A3F9-3012DDBA3C8E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{03E7B46B-31B0-436D-A1EE-DFD92363438E}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe | 
"UDP Query User{0969CEB8-4C31-4381-95F0-7049E7E22BE3}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe | 
"UDP Query User{10EC67F6-663D-47A2-A4D6-F5AFF2C10406}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{13544F0F-3A35-4B25-9F54-CA3ED7FFF3DC}C:\progfiles\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\progfiles\firefox\firefox.exe | 
"UDP Query User{1935E1FF-9806-4C40-BBAD-29AE173F99B5}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe | 
"UDP Query User{217316AA-80B0-4B6D-A694-4D03F611CE9C}C:\progfiles\screamerradio\screamer.exe" = protocol=17 | dir=in | app=c:\progfiles\screamerradio\screamer.exe | 
"UDP Query User{2B3C385E-FBB8-4C6B-A3C9-C9808776DE65}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"UDP Query User{315F4795-2594-4011-A831-281BADCCCD69}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{42C667E3-7F8D-4844-A3C8-100B870922E3}F:\serios sam ii\bin\sam2.exe" = protocol=17 | dir=in | app=f:\serios sam ii\bin\sam2.exe | 
"UDP Query User{435FFE92-F275-40B0-BC64-6FE106BF4A2A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{46D5DB42-95CF-4125-AE0A-A61419396A55}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{5540E194-BF17-4517-BB89-88962D3EADC1}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | 
"UDP Query User{5586E9DA-02D1-41CC-898D-ED60E72152B3}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{56F3ABFF-8D06-4332-B5AD-F85EA33E7E91}F:\callofduty4\iw3mp.exe" = protocol=17 | dir=in | app=f:\callofduty4\iw3mp.exe | 
"UDP Query User{57F199C6-D85F-4715-A523-2A2069E2E38C}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe | 
"UDP Query User{59C856D3-5AB1-4F10-90EF-D4EB41491BB4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{66575AE9-C0D4-454C-8157-FCB1129EB4BD}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"UDP Query User{6AC60CC6-AFC7-4E39-944C-BA11887C964D}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"UDP Query User{6D0260B9-6763-485A-A942-EC606691F259}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe | 
"UDP Query User{6F78FF01-CA2C-4BE8-9B19-6B274198FEC5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{70904A82-EF0D-46D5-9628-BF11580D11E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{710C74B2-1A3C-46E0-A97D-240CAB43E0C1}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{85E1CFB1-B4AA-4ED5-9D14-F5CFF96B2B76}C:\progfiles\garena\garena.exe" = protocol=17 | dir=in | app=c:\progfiles\garena\garena.exe | 
"UDP Query User{95428427-AFB4-4EE3-A146-6049A5A7E105}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9C18AEC0-4DA4-4F32-9019-B51D3B240235}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe | 
"UDP Query User{9E22FA4F-0B9A-438C-8912-66BF20ACEEC2}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"UDP Query User{A1FA7043-06C2-4E10-AD02-9C99BD56FD8D}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"UDP Query User{B6D23BB0-FC4C-4F83-A59E-EAA0B3331E00}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"UDP Query User{BADEBABF-AF1B-4478-B5AB-34D0EC5E04E0}C:\progfiles\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\progfiles\zattoo\zattood.exe | 
"UDP Query User{C4405CDE-EF56-4DF8-A473-00952B53ACD5}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"UDP Query User{D58B51BF-353D-4741-A9CD-B1EE0C087809}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe | 
"UDP Query User{DA60D498-5BFB-4FAE-8A46-810771B87052}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{DE111D63-5C5B-4405-96CE-7DD7528E9CCC}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"UDP Query User{F2F2DBF3-F3F1-4F89-B8CD-1A5332A2A027}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0192ED7A-0AF2-426B-AFDF-AD8506295C94}" = Error Fix
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{128A6D30-D64D-4923-8EA3-4A4C536E0A4C}" = Mega ePower 85 Software
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1" = Bombermaaan 1.4
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4BA56822-4E76-42EC-883F-52EF0859957E}" = S4 League_EU
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{ADC20BE6-8CA6-4989-B3E8-68EBD2AF1031}" = Nero 7 Essentials
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"Cossacks : Back To War" = Cossacks - Back To War
"Counter-Strike: Source" = Counter-Strike: Source
"DX-Ball 1.09" = DX-Ball 1.09
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Studio_is1" = Free Studio version 5.0.9
"FreePDF_XP" = FreePDF XP (Remove only)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Red Alert" = Red Alert Windows 95
"Rohan_DE" = R.O.H.A.N. Vendetta
"SpeedSim" = SpeedSim
"SuperTux_is1" = SuperTux 0.1.3
"T4EPlayer" = T4E Player
"TmNationsForever_is1" = TmNationsForever
"UltraStar Deluxe" = UltraStar Deluxe
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2009 18:00:19 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.08.2009 07:02:33 | Computer Name = MarcsPC | Source = ESENT | ID = 215
Description = WinMail (3060) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 20.08.2009 07:04:30 | Computer Name = MarcsPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 16.04.2008 09:35:30 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 18.04.2008 12:54:59 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 18.04.2008 16:09:11 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 01.06.2011 02:22:07 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.06.2011 02:35:03 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 02:35:03 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 07:52:19 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 09:25:07 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 10:10:35 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
 
< End of report >
         

Alt 01.06.2011, 16:55   #11
MasterDragon

Java-Virus JAVA/Stutter.AG und Java-Virus JAVA/Stutter.AH

3. OTL.exe
OTL Logfile:
Code:
OTL logfile created on: 01.06.2011 17:38:03 - Run 6
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,13% Memory free
4,25 Gb Paging File | 2,71 Gb Available in Paging File | 63,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 57,52 Gb Free Space | 49,37% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
 
Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex\Downloads\OTL(5).exe (OldTimer Tools)
PRC - C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Progfiles\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Progfiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex\Downloads\OTL(5).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gusvc) --  File not found
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_8832f4b.dll ()
SRV - (AntiVirSchedulerService) -- C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Progfiles\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (PLCNDIS5) -- C:\Windows\System32\PLCNDIS5.SYS (Intellon, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goggle.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:3128
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..network.proxy.share_proxy_settings: true
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Windows\system32\config\systemprofile\AppData\Roaming\5015 [2011.05.01 14:14:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 19:01:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.02.20 14:37:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.06.01 15:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.12 06:42:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.28 09:48:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.15 19:03:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\support@lastpass.com
[2011.05.16 06:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.05.21 14:29:02 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ALEX\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DI26CSR.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\progfiles\Adobe\Reader8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemonTool] C:\Windows\System32\hloads57.dll (Comp)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\ProgFiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Alex\hloads57.dll (Comp)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskk39.dll (Comp)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskzc80.dll (Comp)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 67108800
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.01 15:18:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.31 13:54:08 | 000,000,000 | ---D | C] -- C:\xmldm
[2011.05.31 06:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\alaplaya
[2011.05.31 06:38:02 | 000,000,000 | ---D | C] -- C:\Programme\alaplaya
[2011.05.31 06:29:56 | 711,189,938 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe
[2011.05.28 09:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DVDVideoSoft
[2011.05.28 09:47:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo
[2011.05.28 09:47:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.05.28 09:46:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011.05.25 14:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011.05.24 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011.05.24 16:03:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.24 16:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.05.24 16:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.24 16:03:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.24 16:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.24 15:58:33 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.23 15:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Downloaded Installers
[2011.05.21 14:29:02 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 19:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CCleaner
[2011.05.20 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.16 21:16:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Counter-Strike Source
[2011.05.07 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TECHNO4EVER Player
[2011.05.07 13:23:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.07 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.05 17:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Counter-Strike Source
[2011.05.04 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.04 15:16:28 | 000,000,000 | ---D | C] -- C:\2011838ae5cda6dd97
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.04 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.05.04 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.03 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.03 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.02 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.02 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Iwreob
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.01 17:41:12 | 000,000,889 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.06.01 17:40:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job
[2011.06.01 17:38:16 | 000,036,579 | ---- | M] () -- C:\Users\Alex\Documents\Gmer.rtf
[2011.06.01 17:36:59 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job
[2011.06.01 16:45:10 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.01 16:45:10 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.01 16:45:10 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.01 16:45:10 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.01 16:39:09 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 16:39:09 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 16:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.01 16:38:41 | 240,519,884 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.06.01 13:53:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job
[2011.05.31 13:47:12 | 000,001,326 | RHS- | M] () -- C:\Users\Alex\ntuser.pol
[2011.05.31 06:42:40 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011.05.31 06:37:20 | 711,189,938 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe
[2011.05.28 09:48:14 | 000,001,032 | ---- | M] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.25 20:19:52 | 000,137,542 | ---- | M] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf
[2011.05.25 17:49:47 | 000,030,259 | ---- | M] () -- C:\Users\Alex\Desktop\hjtscanlist.bat
[2011.05.25 16:33:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.24 15:58:33 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 17:57:23 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | M] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | M] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 14:05:53 | 000,001,280 | ---- | M] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | M] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.21 14:29:02 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 16:04:36 | 000,000,962 | ---- | M] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.16 21:16:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.16 06:50:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:22 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.14 08:47:32 | 2926,603,649 | ---- | M] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:37 | 000,000,210 | ---- | M] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 15:11:01 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.09 07:13:02 | 000,000,680 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | M] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | M] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.01 17:34:11 | 000,036,579 | ---- | C] () -- C:\Users\Alex\Documents\Gmer.rtf
[2011.05.31 06:42:40 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011.05.28 09:48:14 | 000,001,032 | ---- | C] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.25 20:19:52 | 000,137,542 | ---- | C] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf
[2011.05.25 20:16:58 | 000,000,889 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.05.24 16:03:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 17:57:22 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | C] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | C] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 16:01:48 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 14:05:53 | 000,001,280 | ---- | C] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | C] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.15 19:45:18 | 000,000,962 | ---- | C] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.15 19:01:22 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.14 08:15:34 | 2926,603,649 | ---- | C] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:36 | 000,000,210 | ---- | C] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 07:13:02 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | C] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | C] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[2011.04.26 13:31:37 | 000,000,112 | ---- | C] () -- C:\ProgramData\56iE4qch.dat
[2011.03.27 15:22:11 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011.03.24 20:04:02 | 000,065,040 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.02.28 19:04:27 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.02.19 23:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\msicpl.ini
[2009.08.02 16:29:26 | 000,000,276 | ---- | C] () -- C:\Windows\thug2.ini
[2009.05.27 17:05:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 17:05:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.12.28 04:59:54 | 000,138,608 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.12.28 04:59:37 | 000,189,800 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.12.28 04:59:35 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.12.28 04:59:34 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2008.12.21 13:51:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.11.21 20:30:29 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2008.11.02 22:46:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.02 22:46:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.02 22:17:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.11.02 22:14:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.09.10 17:25:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.09.02 17:04:44 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.09.02 17:04:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.08.07 11:52:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.11 17:24:03 | 000,399,736 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.04.10 17:28:40 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.04.02 15:52:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.18 18:53:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.03.17 17:05:08 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.27 10:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2008.01.04 13:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.23 12:00:36 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2007.12.23 11:50:55 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007.12.16 15:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.12.09 22:15:31 | 000,479,232 | ---- | C] () -- C:\Windows\System32\HookShield.dll
[2007.12.09 22:15:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\executeosd.exe
[2007.12.09 22:15:30 | 000,134,504 | ---- | C] () -- C:\Windows\System32\smdll.dll
[2007.12.09 22:15:30 | 000,036,200 | ---- | C] () -- C:\Windows\System32\Auxiliary.dll
[2007.12.09 22:15:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\startup.exe
[2007.12.09 22:15:27 | 000,462,848 | ---- | C] () -- C:\Windows\System32\HookMap.dll
[2007.12.09 20:23:49 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2007.12.09 20:23:49 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.12.09 20:23:49 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2007.12.09 20:23:49 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2007.12.09 20:23:49 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2007.12.09 20:23:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.11.20 16:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 17:33:31 | 000,638,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,272,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >
Otl.exe/Extras
OTL Logfile:
OTL Extras logfile created on: 01.06.2011 17:38:04 - Run 6
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,13% Memory free
4,25 Gb Paging File | 2,71 Gb Available in Paging File | 63,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 57,52 Gb Free Space | 49,37% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
 
Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065E1C38-973B-420F-B300-BDE7042A66CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{153011C4-F9EB-4BF1-AEBB-27FB9BA2E179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3DD9E3BA-BBE6-4022-AB7A-BF11F5A333FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59671036-B829-4941-A9E3-F7379DB24EB0}" = lport=6112 | protocol=17 | dir=in | name=warcraft hosten (udp) | 
"{603119FC-035D-4A3A-9327-6807EC4345EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6F655981-E0B6-49CB-9EED-1541861992A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{74474826-2651-4A2C-97A1-92B0A325D5B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8ECFC677-3E3C-4DE5-9DBE-FFC1C658C195}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe | 
"{A5A54654-BB71-4AEB-831F-7E0C6A3EE5C0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AA24654D-64AE-4106-8141-753E04303CC4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AD3F7378-5448-477B-8039-67EA7A916894}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{ADB8B2A9-030F-4370-9AD3-9C1952FE31E0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B4099ED2-9F02-4B59-BD07-15BA42878DEB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{BF180437-BA42-47EA-86C4-E1034F2652C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C1674B6F-19D8-46E7-B498-56D0B5AC4B01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D0B4E190-D7AC-4816-B1F6-9BA877D28CED}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{DCDF20B5-C6DC-4B06-9DCB-71E40B6C704A}" = lport=6112 | protocol=6 | dir=in | name=warcraft hosten (tcp) | 
"{DEE52D1E-7AD8-4587-8797-A336A942CFD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DFB2FDC5-AC69-46D9-B918-C8D3C3D1C974}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4ED2BDD-F5F1-4448-86EF-22328182D7C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F0AD1039-C922-48D5-A915-75A6627719C8}" = lport=teredo | protocol=17 | dir=in | svc=iphlpsvc | app=c:\windows\system32\svchost.exe | 
"{F4B94E0C-13A7-4238-ADE2-CFEA87226B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD234473-D514-4495-9D7E-DA93CD8571DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD9D77BE-C2C6-46A8-B921-44B7FF0CC0AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FEBE93D1-C791-43D6-A149-03E12BAA9F98}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EA7C1D-C51B-4363-B127-4D11EF1F7CF2}" = protocol=41 | dir=out | app=system | 
"{07857146-54F5-404C-B2AF-23E5F8B270FD}" = protocol=58 | dir=in | app=system | 
"{0AE01A6B-3E5B-4186-B521-5E57A0908AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1516A6E8-5B15-4ADC-B6A7-AC141C8EB166}" = protocol=58 | dir=out | name=kernnetzwerk - routerankündigung (icmpv6 ausgehend) | 
"{18398135-4B64-4406-B89A-6893889751F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19C5B54D-4E44-4D0F-A81B-8721687466C0}" = protocol=58 | dir=in | app=system | 
"{2D881E67-AC89-4417-B94D-B1F12B22AEEA}" = protocol=58 | dir=in | app=system | 
"{3056500B-E1AD-4B9F-9192-61A8C5A36D06}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"{3127CCFC-444D-4677-8BB6-3FCADB49CC9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31F7B4CC-315B-4771-90C5-2346508D32D1}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörabfrage (icmpv6 ausgehend) | 
"{34975BFD-5193-4648-88B8-E11456940F7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35318073-168C-4CBA-9ACC-B5B5C2438A5B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{380053FD-4EC8-48C1-B580-87E0EA7C9CCD}" = protocol=6 | dir=in | app=c:\progfiles\itunes\itunes.exe | 
"{4B50C50A-C5D8-4BB1-BF95-4FA8348197CA}" = protocol=1 | dir=in | app=system | 
"{52C5FB71-3087-40A9-9258-02A001F6C752}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{539EE3FA-207C-4BA5-B539-F9F7695B6704}" = protocol=58 | dir=in | app=system | 
"{5C96D9AE-02AC-4F75-8531-9BE55F67520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60231891-8EDF-4967-908D-0B19B961CF5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B0D204E-BE84-4507-BC7F-E9C0D60E0ACE}" = protocol=58 | dir=out | name=kernnetzwerk - zeitüberschreitung (icmpv6 ausgehend) | 
"{6EB29043-E7B3-4627-95F5-862CEE5B892B}" = protocol=58 | dir=in | app=system | 
"{72EE8667-87C0-4714-B93C-FA98BA3AF6F4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{790FFA2C-EBCD-4103-A7C1-3447363CEEAB}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht (icmpv6 ausgehend) | 
"{7B6C17ED-459C-41E4-890B-7854F2B640B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E07FE11-8F48-4EC8-8ABF-5F96B4E9BC6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{847993E7-A11C-4B11-9DCA-C208A2650937}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"{857BDD0D-295F-4026-BEEF-2DD2A010222D}" = protocol=58 | dir=in | app=system | 
"{8BA0DDA9-D3C0-4D15-A650-6213891173AB}" = protocol=17 | dir=in | app=c:\progfiles\itunes\itunes.exe | 
"{8E493B07-5F47-48F6-AE90-5C7E3DB88CD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{921E215D-E43B-4C4C-8FD3-4A0B3B8481D1}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsanfrage (icmpv6 ausgehend) | 
"{92D14525-95D6-4698-AD31-7ECFA02F7350}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht v2 (icmpv6 ausgehend) | 
"{965E55CF-7ADF-495F-95A5-262731EDFCA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9B91B485-E126-4A8C-A06A-6EA661D9E790}" = protocol=41 | dir=in | app=system | 
"{9C1649E5-F2C9-4A26-8FDD-1C1686D24D6B}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsankündigung (icmpv6 ausgehend) | 
"{A6B366F9-F865-4036-AD89-BB5308496B7D}" = protocol=58 | dir=out | name=kernnetzwerk - routeranfrage (icmpv6 ausgehend) | 
"{A9E45AAD-C3EB-46C3-B13F-618218A2B693}" = protocol=17 | dir=out | svc=iphlpsvc | app=c:\windows\system32\svchost.exe | 
"{AB2F0A65-7D60-4257-8191-CA9AEC3BF39F}" = protocol=6 | dir=out | app=system | 
"{AE50CCDF-CE9B-49E5-A7EE-8234071B33B8}" = protocol=2 | dir=in | app=system | 
"{AF3964B1-517D-43AD-B6E8-9869A17C1799}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{AF6942F8-3D04-470D-B417-A814BE9CF585}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörvorgang abgeschlossen (icmpv6 ausgehend) | 
"{B17E2752-A463-4FF4-88D3-5BB5228E1C09}" = protocol=58 | dir=in | app=system | 
"{BEDDA3A2-E64C-4CFD-9438-0763C8ECCCF5}" = protocol=58 | dir=in | app=system | 
"{C151598C-C645-4AB0-A7BF-3943C343F230}" = protocol=58 | dir=in | app=system | 
"{C46D1837-4E3D-4637-BFCD-B9FF14FC106A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D083D3B2-816D-43ED-A0AF-8577CE985BDD}" = protocol=2 | dir=out | app=system | 
"{D67D5A69-C19C-4255-BFB3-398D2BEF48FA}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"{D9C8C3D5-E97B-4275-A216-267C11A87FB4}" = protocol=58 | dir=in | app=system | 
"{E2982187-6155-4B4C-AD9D-556DB2CC8AE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E444E485-F907-4E74-876E-7F05871BAB07}" = protocol=58 | dir=in | app=system | 
"{E68D854F-15AC-4168-89FC-B4D5B8CFDCD1}" = protocol=58 | dir=out | name=kernnetzwerk - parameterproblem (icmpv6 ausgehend) | 
"{E8089052-4DA6-4B5F-9A62-293A4498981B}" = protocol=58 | dir=out | name=kernnetzwerk - paket zu gross (icmpv6 ausgehend) | 
"{E97F0E39-5924-4C45-9DCB-E7A96F9C7533}" = protocol=58 | dir=in | app=system | 
"{F38372D4-EF54-4052-B299-FF49CFA53380}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F3FCC74E-5FC4-48AD-BEF1-87402F2B2D79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FACAEB83-3312-4D9C-979D-241358EA7513}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | 
"TCP Query User{040A77D4-C269-4FEC-9843-AE0918C9F810}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe | 
"TCP Query User{0D1A2328-BB85-406B-B69A-21DCD2E563F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{22372A26-D688-4650-953E-FB0CBE63AD6F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe | 
"TCP Query User{288018B9-20ED-4065-8190-340DAB7156C1}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe | 
"TCP Query User{2D9EE5FD-7FAF-4D3D-A6FB-6BF3AF079657}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{2E648958-69DD-4501-8A4E-0D9DCE0AF2F8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{2FE0DB96-0D88-4DE3-99C4-97245DF2D068}F:\callofduty4\iw3mp.exe" = protocol=6 | dir=in | app=f:\callofduty4\iw3mp.exe | 
"TCP Query User{4518FABE-E6A7-4276-98A6-212B8B70330F}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"TCP Query User{475C53F3-55E2-402E-AB30-70E9C7CD1C3F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe | 
"TCP Query User{58D32D27-08C6-44E3-800F-358C6990D4B2}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"TCP Query User{5A0DF772-B951-4485-906B-9AE926786D3F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{62F9BB5A-047F-45AB-9888-7227980F8F96}C:\progfiles\screamerradio\screamer.exe" = protocol=6 | dir=in | app=c:\progfiles\screamerradio\screamer.exe | 
"TCP Query User{68A290FC-BF34-4278-BC2D-1F0543CAB416}C:\progfiles\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\progfiles\zattoo\zattood.exe | 
"TCP Query User{6BEB8DDB-06FE-49DF-9D3B-A60123DC6F19}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{70972043-A089-4B7D-9CEB-02940A6501B9}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{740BAB1F-6D64-4B75-A0F0-2C0959463A21}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"TCP Query User{7CF46998-ED4B-44FE-BA2A-9DB7CE7E7919}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"TCP Query User{84E52A8F-7A12-4E26-A5A3-E94F139147A1}C:\progfiles\garena\garena.exe" = protocol=6 | dir=in | app=c:\progfiles\garena\garena.exe | 
"TCP Query User{87862B45-EA94-4065-A0D2-D0814254A4B4}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe | 
"TCP Query User{8B10CF85-D4DC-44A4-A5D8-EF6E6A8D09B1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8EB4347A-06C9-4FF2-9592-57C118DBD47E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{986C8BEC-9FAE-4AFE-9768-C9391CD2B4AB}C:\progfiles\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\progfiles\firefox\firefox.exe | 
"TCP Query User{98A2A7F9-770B-4676-A924-FFF15EA432BE}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe | 
"TCP Query User{99311A98-6A0C-419A-81E4-C68269C737EB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{B53B81CA-32F9-4D7C-9431-B17872382D31}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe | 
"TCP Query User{BDF81878-22DF-4784-8B0D-063E84A4BB2B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"TCP Query User{D7127690-B8D7-4BCB-BE91-B9777A037CBA}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | 
"TCP Query User{DDD2B434-CB82-48A1-AECC-E57EC3D967E8}C:\progfiles\icq6\icq.exe" = protocol=6 | dir=in | app=c:\progfiles\icq6\icq.exe | 
"TCP Query User{E61D138D-11DC-4EF7-9B44-F68CF26866D4}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe | 
"TCP Query User{E8B709B1-9ACC-49DE-9EAA-702937865120}F:\serios sam ii\bin\sam2.exe" = protocol=6 | dir=in | app=f:\serios sam ii\bin\sam2.exe | 
"TCP Query User{E8EC0FD6-9538-4903-8B6A-0B62353E23F1}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"TCP Query User{E91CD75E-963F-43A5-B4E3-825044A163B8}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"TCP Query User{ED0BDEDC-B31B-4F37-BCC9-446AE8A1921B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"TCP Query User{EDA64722-9CC6-41AA-A50D-A3D5DB7D2E84}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F2484FDC-7C5E-4351-A3F9-3012DDBA3C8E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{03E7B46B-31B0-436D-A1EE-DFD92363438E}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe | 
"UDP Query User{0969CEB8-4C31-4381-95F0-7049E7E22BE3}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe | 
"UDP Query User{10EC67F6-663D-47A2-A4D6-F5AFF2C10406}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{13544F0F-3A35-4B25-9F54-CA3ED7FFF3DC}C:\progfiles\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\progfiles\firefox\firefox.exe | 
"UDP Query User{1935E1FF-9806-4C40-BBAD-29AE173F99B5}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe | 
"UDP Query User{217316AA-80B0-4B6D-A694-4D03F611CE9C}C:\progfiles\screamerradio\screamer.exe" = protocol=17 | dir=in | app=c:\progfiles\screamerradio\screamer.exe | 
"UDP Query User{2B3C385E-FBB8-4C6B-A3C9-C9808776DE65}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"UDP Query User{315F4795-2594-4011-A831-281BADCCCD69}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{42C667E3-7F8D-4844-A3C8-100B870922E3}F:\serios sam ii\bin\sam2.exe" = protocol=17 | dir=in | app=f:\serios sam ii\bin\sam2.exe | 
"UDP Query User{435FFE92-F275-40B0-BC64-6FE106BF4A2A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{46D5DB42-95CF-4125-AE0A-A61419396A55}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{5540E194-BF17-4517-BB89-88962D3EADC1}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | 
"UDP Query User{5586E9DA-02D1-41CC-898D-ED60E72152B3}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{56F3ABFF-8D06-4332-B5AD-F85EA33E7E91}F:\callofduty4\iw3mp.exe" = protocol=17 | dir=in | app=f:\callofduty4\iw3mp.exe | 
"UDP Query User{57F199C6-D85F-4715-A523-2A2069E2E38C}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe | 
"UDP Query User{59C856D3-5AB1-4F10-90EF-D4EB41491BB4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{66575AE9-C0D4-454C-8157-FCB1129EB4BD}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"UDP Query User{6AC60CC6-AFC7-4E39-944C-BA11887C964D}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"UDP Query User{6D0260B9-6763-485A-A942-EC606691F259}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe | 
"UDP Query User{6F78FF01-CA2C-4BE8-9B19-6B274198FEC5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{70904A82-EF0D-46D5-9628-BF11580D11E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{710C74B2-1A3C-46E0-A97D-240CAB43E0C1}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{85E1CFB1-B4AA-4ED5-9D14-F5CFF96B2B76}C:\progfiles\garena\garena.exe" = protocol=17 | dir=in | app=c:\progfiles\garena\garena.exe | 
"UDP Query User{95428427-AFB4-4EE3-A146-6049A5A7E105}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9C18AEC0-4DA4-4F32-9019-B51D3B240235}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe | 
"UDP Query User{9E22FA4F-0B9A-438C-8912-66BF20ACEEC2}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"UDP Query User{A1FA7043-06C2-4E10-AD02-9C99BD56FD8D}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"UDP Query User{B6D23BB0-FC4C-4F83-A59E-EAA0B3331E00}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | 
"UDP Query User{BADEBABF-AF1B-4478-B5AB-34D0EC5E04E0}C:\progfiles\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\progfiles\zattoo\zattood.exe | 
"UDP Query User{C4405CDE-EF56-4DF8-A473-00952B53ACD5}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe | 
"UDP Query User{D58B51BF-353D-4741-A9CD-B1EE0C087809}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe | 
"UDP Query User{DA60D498-5BFB-4FAE-8A46-810771B87052}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{DE111D63-5C5B-4405-96CE-7DD7528E9CCC}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe | 
"UDP Query User{F2F2DBF3-F3F1-4F89-B8CD-1A5332A2A027}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0192ED7A-0AF2-426B-AFDF-AD8506295C94}" = Error Fix
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{128A6D30-D64D-4923-8EA3-4A4C536E0A4C}" = Mega ePower 85 Software
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1" = Bombermaaan 1.4
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4BA56822-4E76-42EC-883F-52EF0859957E}" = S4 League_EU
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{ADC20BE6-8CA6-4989-B3E8-68EBD2AF1031}" = Nero 7 Essentials
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"Cossacks : Back To War" = Cossacks - Back To War
"Counter-Strike: Source" = Counter-Strike: Source
"DX-Ball 1.09" = DX-Ball 1.09
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Studio_is1" = Free Studio version 5.0.9
"FreePDF_XP" = FreePDF XP (Remove only)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Red Alert" = Red Alert Windows 95
"Rohan_DE" = R.O.H.A.N. Vendetta
"SpeedSim" = SpeedSim
"SuperTux_is1" = SuperTux 0.1.3
"T4EPlayer" = T4E Player
"TmNationsForever_is1" = TmNationsForever
"UltraStar Deluxe" = UltraStar Deluxe
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.08.2009 18:00:19 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.08.2009 07:02:33 | Computer Name = MarcsPC | Source = ESENT | ID = 215
Description = WinMail (3060) WindowsMail0: The backup was aborted because it was
 stopped by the client or because the connection to the client was lost.
 
Error - 20.08.2009 07:04:30 | Computer Name = MarcsPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 16.04.2008 09:35:30 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download of package MCESpotlight
 failed.
 
Error - 18.04.2008 12:54:59 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download of package MCESpotlight
 failed.
 
Error - 18.04.2008 16:09:11 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download of package MCESpotlight
 failed.
 
[ System Events ]
Error - 01.06.2011 02:35:03 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 07:52:19 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 09:25:07 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 10:10:35 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 01.06.2011 10:38:47 | Computer Name = MarcsPC | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 01.06.2011 at 16:37:26.
 
Error - 01.06.2011 10:40:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

01.06.2011, 17:00   #12
MasterDragon

Java-Virus JAVA/Stutter.AG und Java-Virus JAVA/Stutter.AH

And now the third and last piece.

4. GMER
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-01 17:29:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort4 SAMSUNG_HD250HJ rev.FH100-05
Running: xrzv5vp7.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldypog.sys


---- System - GMER 1.0.15 ----

INT 0x52  ?                                                                                                                         84458BF8
INT 0x52  ?                                                                                                                         84458BF8
INT 0x52  ?                                                                                                                         84458BF8
INT 0x52  ?                                                                                                                         84458BF8
INT 0x52  ?                                                                                                                         863A5BF8
INT 0x52  ?                                                                                                                         84458BF8
INT 0x62  ?                                                                                                                         84458BF8
INT 0x72  ?                                                                                                                         84458BF8
INT 0xB4  ?                                                                                                                         863A5BF8

---- Kernel code sections - GMER 1.0.15 ----

?         System32\Drivers\sper.sys                                                                                                 The system cannot find the path specified. !
.text     USBPORT.SYS!DllUnload                                                                                                     8839441B 5 Bytes  JMP 863A51D8 
.text     C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                  section is writeable [0x8D400340, 0x39DB57, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text     C:\Windows\Explorer.EXE[296] ntdll.dll!NtProtectVirtualMemory                                                             770E4B84 5 Bytes  JMP 0179000A 
.text     C:\Windows\Explorer.EXE[296] ntdll.dll!NtWriteVirtualMemory                                                               770E54C4 5 Bytes  JMP 017A000A 
.text     C:\Windows\Explorer.EXE[296] ntdll.dll!KiUserExceptionDispatcher                                                          770E5BF8 5 Bytes  JMP 004C000A 
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!TerminateProcess             75D118EF 6 Bytes  PUSH 02502680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!FindNextFileA                75D32FF9 6 Bytes  PUSH 025024D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!FindNextFileW                75D3B79E 6 Bytes  PUSH 02502590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!ExitProcess                  75D541D8 6 Bytes  PUSH 02502630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] ADVAPI32.dll!RegDeleteValueA              75E12F59 6 Bytes  PUSH 02502340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] ADVAPI32.dll!RegDeleteValueW              75E13FB6 6 Bytes  PUSH 025023D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!closesocket                    75C8330C 5 Bytes  JMP 026B9E64 
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!recv                           75C8343A 5 Bytes  JMP 026B9AE2 
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!WSASend                        75C84496 5 Bytes  JMP 026B9BB5 
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!send                           75C8659B 5 Bytes  JMP 026B9A01 
.text     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!WSARecv                        75C88400 5 Bytes  JMP 026B9D16 
.text     C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory                                                    770E4B84 5 Bytes  JMP 004C000A 
.text     C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory                                                      770E54C4 5 Bytes  JMP 004F000A 
.text     C:\Windows\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher                                                 770E5BF8 5 Bytes  JMP 004B000A 
.text     C:\Windows\system32\svchost.exe[1116] ole32.dll!CoCreateInstance                                                          75B29F3E 5 Bytes  JMP 0062000A 
.text     C:\Windows\system32\svchost.exe[1116] USER32.dll!WindowFromPoint                                                          7594884F 5 Bytes  JMP 018F000A 
.text     C:\Windows\system32\svchost.exe[1116] USER32.dll!GetForegroundWindow                                                      759532C4 5 Bytes  JMP 0190000A 
.text     C:\Windows\system32\svchost.exe[1116] USER32.dll!GetCursorPos                                                             75960B88 5 Bytes  JMP 013E000A 
.text     C:\Windows\system32\taskeng.exe[1996] kernel32.dll!TerminateProcess                                                       75D118EF 6 Bytes  PUSH 031A2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\taskeng.exe[1996] kernel32.dll!FindNextFileA                                                          75D32FF9 6 Bytes  PUSH 031A24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\taskeng.exe[1996] kernel32.dll!FindNextFileW                                                          75D3B79E 6 Bytes  PUSH 031A2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\taskeng.exe[1996] kernel32.dll!ExitProcess                                                            75D541D8 6 Bytes  PUSH 031A2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!RegDeleteValueA                                                        75E12F59 6 Bytes  PUSH 031A2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!RegDeleteValueW                                                        75E13FB6 6 Bytes  PUSH 031A23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!closesocket                                                              75C8330C 5 Bytes  JMP 02289E64 
.text     C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!recv                                                                     75C8343A 5 Bytes  JMP 02289AE2 
.text     C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!WSASend                                                                  75C84496 5 Bytes  JMP 02289BB5 
.text     C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!send                                                                     75C8659B 5 Bytes  JMP 02289A01 
.text     C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!WSARecv                                                                  75C88400 5 Bytes  JMP 02289D16 
.text     C:\Windows\system32\Dwm.exe[2012] kernel32.dll!TerminateProcess                                                           75D118EF 6 Bytes  PUSH 05FE2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\Dwm.exe[2012] kernel32.dll!FindNextFileA                                                              75D32FF9 6 Bytes  PUSH 05FE24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\Dwm.exe[2012] kernel32.dll!FindNextFileW                                                              75D3B79E 6 Bytes  PUSH 05FE2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\Dwm.exe[2012] kernel32.dll!ExitProcess                                                                75D541D8 6 Bytes  PUSH 05FE2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\Dwm.exe[2012] ADVAPI32.dll!RegDeleteValueA                                                            75E12F59 6 Bytes  PUSH 05FE2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\Dwm.exe[2012] ADVAPI32.dll!RegDeleteValueW                                                            75E13FB6 6 Bytes  PUSH 05FE23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!closesocket                                                                  75C8330C 5 Bytes  JMP 06389E64 
.text     C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!recv                                                                         75C8343A 5 Bytes  JMP 06389AE2 
.text     C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!WSASend                                                                      75C84496 5 Bytes  JMP 06389BB5 
.text     C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!send                                                                         75C8659B 5 Bytes  JMP 06389A01 
.text     C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!WSARecv                                                                      75C88400 5 Bytes  JMP 06389D16 
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!TerminateProcess                                          75D118EF 6 Bytes  PUSH 02082680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!FindNextFileA                                             75D32FF9 6 Bytes  PUSH 020824D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!FindNextFileW                                             75D3B79E 6 Bytes  PUSH 02082590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!ExitProcess                                               75D541D8 6 Bytes  PUSH 02082630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] ADVAPI32.dll!RegDeleteValueA                                           75E12F59 6 Bytes  PUSH 02082340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] ADVAPI32.dll!RegDeleteValueW                                           75E13FB6 6 Bytes  PUSH 020823D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!closesocket                                                 75C8330C 5 Bytes  JMP 02E69E64 
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!recv                                                        75C8343A 5 Bytes  JMP 02E69AE2 
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!WSASend                                                     75C84496 5 Bytes  JMP 02E69BB5 
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!send                                                        75C8659B 5 Bytes  JMP 02E69A01 
.text     C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!WSARecv                                                     75C88400 5 Bytes  JMP 02E69D16 
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!TerminateProcess  75D118EF 6 Bytes  PUSH 00AB2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!FindNextFileA     75D32FF9 6 Bytes  PUSH 00AB24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!FindNextFileW     75D3B79E 6 Bytes  PUSH 00AB2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!ExitProcess       75D541D8 6 Bytes  PUSH 00AB2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] ADVAPI32.dll!RegDeleteValueA   75E12F59 6 Bytes  PUSH 00AB2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] ADVAPI32.dll!RegDeleteValueW   75E13FB6 6 Bytes  PUSH 00AB23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!closesocket         75C8330C 5 Bytes  JMP 01EF9E64 
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!recv                75C8343A 5 Bytes  JMP 01EF9AE2 
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!WSASend             75C84496 5 Bytes  JMP 01EF9BB5 
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!send                75C8659B 5 Bytes  JMP 01EF9A01 
.text     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!WSARecv             75C88400 5 Bytes  JMP 01EF9D16 
.text     C:\Windows\System32\rundll32.exe[2856] kernel32.dll!TerminateProcess                                                      75D118EF 6 Bytes  PUSH 00C72680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] kernel32.dll!FindNextFileA                                                         75D32FF9 6 Bytes  PUSH 00C724D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] kernel32.dll!FindNextFileW                                                         75D3B79E 6 Bytes  PUSH 00C72590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] kernel32.dll!ExitProcess                                                           75D541D8 6 Bytes  PUSH 00C72630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] ADVAPI32.dll!RegDeleteValueA                                                       75E12F59 6 Bytes  PUSH 00C72340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] ADVAPI32.dll!RegDeleteValueW                                                       75E13FB6 6 Bytes  PUSH 00C723D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!closesocket                                                             75C8330C 5 Bytes  JMP 02249E64 
.text     C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!recv                                                                    75C8343A 5 Bytes  JMP 02249AE2 
.text     C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!WSASend                                                                 75C84496 5 Bytes  JMP 02249BB5 
.text     C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!send                                                                    75C8659B 5 Bytes  JMP 02249A01 
.text     C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!WSARecv                                                                 75C88400 5 Bytes  JMP 02249D16 
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!TerminateProcess                                          75D118EF 6 Bytes  PUSH 05FC2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!FindNextFileA                                             75D32FF9 6 Bytes  PUSH 05FC24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!FindNextFileW                                             75D3B79E 6 Bytes  PUSH 05FC2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!ExitProcess                                               75D541D8 6 Bytes  PUSH 05FC2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] ADVAPI32.dll!RegDeleteValueA                                           75E12F59 6 Bytes  PUSH 05FC2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] ADVAPI32.dll!RegDeleteValueW                                           75E13FB6 6 Bytes  PUSH 05FC23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!closesocket                                                 75C8330C 5 Bytes  JMP 05309E64 
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!recv                                                        75C8343A 5 Bytes  JMP 05309AE2 
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!WSASend                                                     75C84496 5 Bytes  JMP 05309BB5 
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!send                                                        75C8659B 5 Bytes  JMP 05309A01 
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!WSARecv                                                     75C88400 5 Bytes  JMP 05309D16 
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!TerminateProcess                 75D118EF 6 Bytes  PUSH 05CA2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!FindNextFileA                    75D32FF9 6 Bytes  PUSH 05CA24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!FindNextFileW                    75D3B79E 6 Bytes  PUSH 05CA2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!ExitProcess                      75D541D8 6 Bytes  PUSH 05CA2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] ADVAPI32.dll!RegDeleteValueA                  75E12F59 6 Bytes  PUSH 05CA2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] ADVAPI32.dll!RegDeleteValueW                  75E13FB6 6 Bytes  PUSH 05CA23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!closesocket                        75C8330C 5 Bytes  JMP 05DB9E64 
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!recv                               75C8343A 5 Bytes  JMP 05DB9AE2 
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!WSASend                            75C84496 5 Bytes  JMP 05DB9BB5 
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!send                               75C8659B 5 Bytes  JMP 05DB9A01 
.text     C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!WSARecv                            75C88400 5 Bytes  JMP 05DB9D16 
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] kernel32.dll!TerminateProcess                               75D118EF 6 Bytes  PUSH 03C62680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] kernel32.dll!FindNextFileA                                  75D32FF9 6 Bytes  PUSH 03C624D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] kernel32.dll!FindNextFileW                                  75D3B79E 6 Bytes  PUSH 03C62590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] kernel32.dll!ExitProcess                                    75D541D8 6 Bytes  PUSH 03C62630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ADVAPI32.dll!RegDeleteValueA                                75E12F59 6 Bytes  PUSH 03C62340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ADVAPI32.dll!RegDeleteValueW                                75E13FB6 6 Bytes  PUSH 03C623D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!closesocket                                      75C8330C 5 Bytes  JMP 01D79E64 
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!recv                                             75C8343A 5 Bytes  JMP 01D79AE2 
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!WSASend                                          75C84496 5 Bytes  JMP 01D79BB5 
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!send                                             75C8659B 5 Bytes  JMP 01D79A01 
.text     C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!WSARecv                                          75C88400 5 Bytes  JMP 01D79D16 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                 [806056D2] \SystemRoot\System32\Drivers\sper.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                  [80605040] \SystemRoot\System32\Drivers\sper.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                          [806057FC] \SystemRoot\System32\Drivers\sper.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                 [806050BE] \SystemRoot\System32\Drivers\sper.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                           [8060513C] \SystemRoot\System32\Drivers\sper.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                    8521D1F8
Device    \Driver\volmgr \Device\VolMgrControl                                                                                      8445A1F8
Device    \Driver\usbohci \Device\USBPDO-0                                                                                          863831F8
Device    \Driver\usbehci \Device\USBPDO-1                                                                                          849701F8
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                                    8445A1F8
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                                    8445A1F8
Device    \Driver\cdrom \Device\CdRom0                                                                                              849731F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                        8521B1F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                        8521B1F8
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                        8521B1F8
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                        8521B1F8
Device    \Driver\atapi \Device\Ide\IdePort4                                                                                        8521B1F8
Device    \Driver\atapi \Device\Ide\IdePort5                                                                                        8521B1F8
Device    \Driver\msahci \Device\Ide\PciIde1Channel0                                                                                8521C1F8
Device    \Driver\msahci \Device\Ide\PciIde1Channel1                                                                                8521C1F8
Device    \Driver\msahci \Device\Ide\PciIde1Channel2                                                                                8521C1F8
Device    \Driver\msahci \Device\Ide\PciIde1Channel3                                                                                8521C1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-7                                                                               8521B1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6                                                                               8521B1F8
Device    \Driver\volmgr \Device\HarddiskVolume3                                                                                    8445A1F8
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                                   86631500
Device    \Driver\Smb \Device\NetbiosSmb                                                                                            8653D1F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{B00D18A5-30D7-4BB1-A95A-9A338C37A8F2}                                                  86631500
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                        863871F8
Device    \Driver\usbohci \Device\USBFDO-0                                                                                          863831F8
Device    \Driver\usbehci \Device\USBFDO-1                                                                                          849701F8
Device    \FileSystem\cdfs \Cdfs                                                                                                    8704A1F8

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                      
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                           C:\ProgFiles\DAEMON_Tools\
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                           0
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                        0x7B 0x51 0x82 0x42 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)             
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                  0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                               0x96 0xC1 0x1B 0x2D ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                         0xD4 0xFE 0x4C 0x64 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                         0x32 0xF6 0x33 0xC3 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                      
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                           C:\ProgFiles\DAEMON_Tools\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                           0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                        0x7B 0x51 0x82 0x42 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)             
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                  0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                               0x96 0xC1 0x1B 0x2D ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                         0xD4 0xFE 0x4C 0x64 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                         0x32 0xF6 0x33 0xC3 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                        771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                        285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                        1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                          
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\ProgFiles\DAEMON_Tools\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x7B 0x51 0x82 0x42 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                 
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x96 0xC1 0x1B 0x2D ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0xD4 0xFE 0x4C 0x64 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                     0x32 0xF6 0x33 0xC3 ...

---- Disk sectors - GMER 1.0.15 ----

Disk      \Device\Harddisk0\DR0                                                                                                     TDL4@MBR code has been found                                                                           <-- ROOTKIT !!!
Disk      \Device\Harddisk0\DR0                                                                                                     sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
         
5. There was nothing in it.

Thanks again for the help.
And by the way, I wanted to ask where you got your computer knowledge from.
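
As an added example, not part of MasterDragon's post or of the GMER tool itself, here is a small Python triage script for the ".text" hook lines in a log like the one above: it parses each line, resolves which DLL the hook lands in, groups the hooks by target, and flags a target whose hooks cover several typical rootkit purposes (hiding files from directory listings, blocking registry clean-up, preventing termination). The sample lines are constructed to mirror the log's layout; the module name hloads57.dll and the process names are taken from the log above, and the API-to-intent mapping is general triage knowledge, not something the thread states.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample lines, modelled on the ".text" hook entries of the GMER log
# above (same layout, a handful of entries); they are not the full log.
SAMPLE_LOG = r"""
.text     C:\Windows\System32\rundll32.exe[2856] kernel32.dll!TerminateProcess   75D118EF 6 Bytes  PUSH 00C72680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] kernel32.dll!FindNextFileA      75D32FF9 6 Bytes  PUSH 00C724D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] ADVAPI32.dll!RegDeleteValueW    75E13FB6 6 Bytes  PUSH 00C723D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!send                 75C8659B 5 Bytes  JMP 02249A01
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!FindNextFileW  75D3B79E 6 Bytes  PUSH 05FC2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp)
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!recv     75C8343A 5 Bytes  JMP 05309AE2
"""

# One GMER user-mode hook line: section, process[pid], module!export, address,
# patch length in bytes, and the patched instruction(s).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<api>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.+?)\s*$"
)
# "PUSH xxx; RET <dll path> (<section>)": GMER resolved the hook target to a module.
RET_RE = re.compile(r"RET\s+(?P<path>.+?)\s+\((?P<desc>[^)]*)\)\s*$")

# Typical purpose of hooking each API (general rootkit-triage knowledge, not a
# statement from the thread); used only to score a hook target.
API_INTENT = {
    "FindFirstFileA": "file hiding", "FindFirstFileW": "file hiding",
    "FindNextFileA": "file hiding", "FindNextFileW": "file hiding",
    "RegDeleteValueA": "cleanup blocking", "RegDeleteValueW": "cleanup blocking",
    "TerminateProcess": "self-protection", "ExitProcess": "self-protection",
}


def parse_hooks(text):
    """Return one dict per parsed hook line; lines in another format are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        r = RET_RE.search(m["patch"])
        hooks.append({
            "process": PureWindowsPath(m["process"]).name,
            "pid": int(m["pid"]),
            "module": m["module"],
            "api": m["api"],
            "patch": m["patch"],
            # basename of the DLL the hook lands in, or None for a bare JMP
            "target": PureWindowsPath(r["path"]).name.lower() if r else None,
        })
    return hooks


def triage(hooks):
    """Group hooks by target DLL: which processes and which APIs it has taken over."""
    report = defaultdict(lambda: {"processes": set(), "apis": set()})
    for h in hooks:
        key = h["target"] or "<unresolved JMP>"
        report[key]["processes"].add(h["pid"])
        report[key]["apis"].add(h["api"])
    return dict(report)


def suspicious_targets(report):
    """Targets whose hooked APIs span at least two distinct rootkit intents."""
    flagged = []
    for target, info in sorted(report.items()):
        intents = {API_INTENT[a] for a in info["apis"] if a in API_INTENT}
        if len(intents) >= 2:
            flagged.append(target)
    return flagged


if __name__ == "__main__":
    rep = triage(parse_hooks(SAMPLE_LOG))
    for target, info in rep.items():
        print(f"{target}: {len(info['processes'])} processes, APIs={sorted(info['apis'])}")
    print("flagged:", suspicious_targets(rep))
```

Hooks that GMER only reports as "JMP <address>" end up in the "<unresolved JMP>" bucket: the log line alone does not say which module owns that address, so those need to be matched against the process's loaded-module list before drawing any conclusion. A single DLL that hooks file enumeration, registry deletion and process termination in many unrelated processes is the pattern worth escalating.
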

Alt 01.06.2011, 20:04   #13
kira
/// Helper Team

I was trained in another forum. Of course development goes on, because (unfortunately) new viruses are constantly being created. But we stay combative and try to make the best of it.
Apart from that it is simply a hobby of mine, because the field of virus removal is very interesting, also a challenge, and one likes to help ...
Besides, it gets more interesting every year; it is very good experience and you can learn a lot from it.


- Now it is sad certainty: the malicious MBR rootkit has presumably lodged itself in the MBR...
The Master Boot Record (MBR) of the first hard disk is loaded when the computer starts, even before the operating system. Code residing there can in principle control the operating system.

- if you decide on a system clean-up instead of Format C:\, then here is how to proceed:

TDSSKiller by Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe is directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program.
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished its work, the tool proposes to restart the system.
    Confirm this, if asked, with Y(es).
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
Here you will find a more detailed guide.
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard disks, ideally twice in different places!
Please pass this warning on wherever you can!
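
As an added illustration of the point kira makes about the MBR (my own example, not from the thread and not from Kaspersky's tool), the following Python script shows the kind of check a defender can run against the first sector of a disk: decode the 512-byte boot sector, hash the boot-code area and compare it with a hash recorded while the machine was known to be clean, and sanity-check the partition table. The sector bytes, the two-partition layout and the "clean" boot code are all constructed for the example; the 0x55AA signature, the 446-byte code area and the 16-byte partition entry layout are the real MBR format.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
PART_ENTRY_SIZE = 16
PART_ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"     # bytes 510..511 of a valid MBR


def build_sample_mbr(boot_code):
    """Construct a 512-byte MBR for the example; this is not a real disk image."""
    code = boot_code.ljust(PART_TABLE_OFFSET, b"\x00")[:PART_TABLE_OFFSET]
    chs = b"\xfe\xff\xff"        # common "use LBA" placeholder for the CHS fields
    # two NTFS-type (0x07) partitions, the first flagged bootable (0x80)
    entry1 = struct.pack(PART_ENTRY_FMT, 0x80, chs, 0x07, chs, 2048, 204800)
    entry2 = struct.pack(PART_ENTRY_FMT, 0x00, chs, 0x07, chs, 206848, 409600)
    empty = bytes(PART_ENTRY_SIZE)
    return code + entry1 + entry2 + empty + empty + BOOT_SIGNATURE


def parse_mbr(sector):
    """Decode signature, partition table and a hash of the boot-code area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _, ptype, _, lba, count = struct.unpack(
            PART_ENTRY_FMT, sector[off:off + PART_ENTRY_SIZE])
        if ptype == 0:           # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
        "bootcode_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
    }


def check_mbr(sector, baseline_bootcode_sha256):
    """Compare a freshly read MBR against a known-good boot-code hash; return findings."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("boot code differs from known-good baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partition table entries overlap")
            break
    return findings


# Constructed stand-in for a loader's first instructions (xor ax,ax / mov ss,ax /
# mov sp,7C00h, then padding); the real Windows boot code is much longer.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
# The baseline hash would be recorded while the machine is known to be clean.
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["bootcode_sha256"]
# Same partition table, different boot code: what a boot-sector-resident
# rootkit leaves behind (constructed bytes, not any real rootkit's code).
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x00" * 40)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE_SHA256) or "no findings")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

On a real machine the sector comes from the raw disk device (on Windows, 512 bytes read from \\.\PhysicalDrive0 with administrator rights; on Linux from /dev/sda). The caveat that matters here: the GMER log above shows the atapi.sys port-I/O imports redirected into sper.sys, and a kernel-level hook of that kind can return a clean-looking sector to a live read while the real one is modified. A comparison is therefore only trustworthy when the sector is read from outside the running system (boot medium or the disk attached to another machine), which is also why the removal step kira describes does its work during boot rather than from the running desktop.
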

Alt 01.06.2011, 22:24   #14
MasterDragon

Ah, okay.
Because I have now also taught myself a bit of writing.

So how am I supposed to understand this?
- Now it is sad certainty: the malicious MBR rootkit has presumably lodged itself in the MBR...
The Master Boot Record (MBR) of the first hard disk is loaded when the computer starts, even before the operating system. Code residing there can in principle control the operating system.

- if you decide on a system clean-up instead of Format C:\, then here is how to proceed:

And how do I drag it onto the desktop and not into a folder on the desktop?

Alt 01.06.2011, 22:32   #15
kira
/// Helper Team

Don't create a folder for it...