| Holzwurm 2 | 10.06.2011 16:49 |
Problem mit IDE/SATA-Fetsplatten
Hallo
Wie so viele habe ich mir auch etwas eingefangen.
Habe das gleiche Problem. http://www.trojaner-board.de/100072-...tgestellt.html
Ich habe einen OTL log und bitte um Hilfe. Code:
OTL logfile created on: 10.06.2011 17:25:22 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,96% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 73,77 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 120,37 Gb Free Space | 86,42% Space Free | Partition Type: NTFS
Drive E: | 1,89 Gb Total Space | 1,88 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Computer Name: HOLZWURM | User Name: irarref575 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
========== Modules (SafeList) ==========
MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
========== Driver Services (SafeList) ==========
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.06.05 20:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010.09.03 20:51:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.02 07:34:34 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 12:45:57 | 000,000,000 | -H-D | M]
[2010.12.10 20:36:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Extensions
[2010.12.10 20:36:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.05.24 21:35:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions
[2010.04.29 08:36:44 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.04 17:26:35 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\irarref575\AppData\Roaming\mozilla\Firefox\Profiles\x3t7edo9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.03 12:46:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.05.03 12:46:16 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2010.09.03 20:51:24 | 000,000,000 | ---D | M] (LG Air Sync) -- C:\PROGRAM FILES\LG ELECTRONICS\LG PC SUITE IV\LINKAIR\{00ADD29A-66F4-4F22-BCC0-4C1D29DA647B}
() (No name found) -- C:\USERS\IRARREF575\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3T7EDO9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.02 07:34:32 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\irarref575\AppData\Local\Apps\2.0\1CEDPDX9.Z1J\8Q3ZH6PO.5TX\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\irarref575\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\irarref575\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell - "" = AutoRun
O33 - MountPoints2\{4e0a1186-b75b-11df-b5ba-00224332dce4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{59da691c-0366-11df-8447-00235484469c}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c08c06-1847-11e0-a30d-00224332dce4}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.06.10 16:42:47 | 000,000,000 | ---D | C] -- C:\Users\irarref575\AppData\Roaming\Malwarebytes
[2011.06.10 16:42:39 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.10 16:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.10 16:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.10 16:42:34 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.10 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.09 16:20:46 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011.06.01 08:18:14 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\irarref575\AppData\Roaming\pcouffin.sys
[2011.06.01 08:18:14 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Vso
[2011.06.01 08:18:14 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\Documents\PcSetup
[2011.06.01 08:16:02 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.26 10:58:47 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\PDF24
[2011.05.26 10:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2011.05.26 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2011.05.23 23:05:02 | 000,016,896 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\System32\drivers\FlashUSB.sys
[2011.05.23 23:05:02 | 000,000,000 | -H-D | C] -- C:\ifx
[2011.05.23 23:02:06 | 000,000,000 | -H-D | C] -- C:\LG_USB
[2011.05.23 22:16:56 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.05.23 22:16:56 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.05.23 22:16:56 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.05.23 22:16:11 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\Apps
[2011.05.23 22:16:10 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Local\Deployment
[2011.05.23 22:10:09 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\Documents\OneNote-Notizbücher
[2011.05.23 13:44:46 | 000,000,000 | -H-D | C] -- C:\Users\irarref575\AppData\Roaming\vlc
[2011.05.12 16:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
========== Files - Modified Within 30 Days ==========
[2011.06.10 17:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.10 17:03:00 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.06.10 17:02:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.10 17:02:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 17:02:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 17:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.10 17:02:09 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.10 16:42:39 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.10 16:38:52 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.10 16:38:52 | 000,637,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.10 16:38:52 | 000,147,244 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.10 16:38:52 | 000,120,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.09 16:44:41 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~39968504r
[2011.06.09 16:44:41 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~39968504
[2011.06.09 16:20:47 | 000,000,600 | -H-- | M] () -- C:\Users\irarref575\Desktop\Windows Vista Restore.lnk
[2011.06.09 16:20:34 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39968504
[2011.06.09 11:05:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.08 22:30:04 | 000,120,320 | -H-- | M] () -- C:\Users\irarref575\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.01 08:18:14 | 000,087,608 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\inst.exe
[2011.06.01 08:18:14 | 000,047,360 | -H-- | M] (VSO Software) -- C:\Users\irarref575\AppData\Roaming\pcouffin.sys
[2011.06.01 08:18:14 | 000,007,887 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.cat
[2011.06.01 08:18:14 | 000,001,144 | -H-- | M] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.inf
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.23 23:00:09 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2011.05.23 22:59:58 | 000,000,774 | -H-- | M] () -- C:\Users\irarref575\Desktop\LGMobile update.lnk
[2011.05.23 22:16:32 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.05.23 22:16:30 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.05.23 08:12:04 | 000,000,680 | -H-- | M] () -- C:\Users\irarref575\AppData\Local\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011.06.10 16:42:39 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.09 16:20:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~39968504r
[2011.06.09 16:20:48 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~39968504
[2011.06.09 16:20:47 | 000,000,600 | -H-- | C] () -- C:\Users\irarref575\Desktop\Windows Vista Restore.lnk
[2011.06.09 16:20:34 | 000,000,336 | -H-- | C] () -- C:\ProgramData\39968504
[2011.06.01 08:18:14 | 000,087,608 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\inst.exe
[2011.06.01 08:18:14 | 000,007,887 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.cat
[2011.06.01 08:18:14 | 000,001,144 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\pcouffin.inf
[2011.01.23 21:16:45 | 000,000,680 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\d3d9caps.dat
[2010.09.16 23:35:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.09.16 23:35:32 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.09.03 21:26:52 | 000,038,214 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2010.06.29 06:34:58 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2009.08.26 09:31:31 | 002,707,563 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\NMM-MetaData.db
[2009.06.22 21:18:01 | 000,256,158 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\mdbu.bin
[2009.05.31 21:46:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.31 21:46:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.12 00:57:00 | 000,013,855 | -H-- | C] () -- C:\Users\irarref575\AppData\Roaming\UserTile.png
[2009.03.01 19:23:19 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2009.01.15 00:36:02 | 000,000,098 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\fusioncache.dat
[2009.01.02 19:17:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.01.02 18:30:01 | 000,120,320 | -H-- | C] () -- C:\Users\irarref575\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.11 01:24:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.11.11 01:19:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.11.11 01:19:06 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008.11.11 01:19:03 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.11.10 23:57:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.10 23:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.16 13:11:34 | 000,678,092 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,147,244 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.03.09 15:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.04 13:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.02.28 04:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,406,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,637,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,120,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.02.25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
========== LOP Check ==========
[2009.01.05 21:09:03 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools
[2009.01.05 20:56:31 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools Lite
[2009.01.05 21:09:03 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\DAEMON Tools Pro
[2011.03.09 10:01:50 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\FRITZ!
[2011.01.12 20:23:28 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\FUJIFILM
[2010.09.17 00:01:33 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\ML
[2009.06.05 11:35:26 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Mp3tag
[2009.06.05 10:54:55 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Nokia
[2009.06.05 10:41:02 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\PC Suite
[2009.03.12 00:57:00 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\PeerNetworking
[2011.01.28 21:43:34 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Teleca
[2010.12.10 20:36:33 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\TomTom
[2011.06.01 08:18:15 | 000,000,000 | -H-D | M] -- C:\Users\irarref575\AppData\Roaming\Vso
[2011.06.10 17:01:20 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.20 16:46:06 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DAC806BD-EA5E-43F7-A13C-BF225E18D1DF}.job
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 10.06.2011 17:25:22 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,96% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 73,77 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 120,37 Gb Free Space | 86,42% Space Free | Partition Type: NTFS
Drive E: | 1,89 Gb Total Space | 1,88 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Computer Name: HOLZWURM | User Name: irarref575 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A2323B-8220-4716-B91A-8011D873DBD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{1336F39A-AFAC-4DB6-A290-FF12B67734C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FBB7E3B-3312-47F7-B997-300235CD3663}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A96E6D3-C280-4997-BC71-D9155CEC4794}" = rport=138 | protocol=17 | dir=out | app=system |
"{45553A84-5EB7-4383-8845-3FBF5FAFD6C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45E483D3-CB34-4D49-BF3C-1089B225F3AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C05F9B7-CF2D-41DF-8D71-66BA40B7C85A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52D05BB7-D592-457A-9BBE-F9BA99C3D687}" = lport=139 | protocol=6 | dir=in | app=system |
"{601D63A7-F111-4CA0-B58B-C7CEB746D8A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{78E2D20C-A5AD-424B-A96D-D1D411E0E28C}" = rport=137 | protocol=17 | dir=out | app=system |
"{797061C8-B8F8-4BF7-95FB-F0D36C5B79C7}" = lport=445 | protocol=6 | dir=in | app=system |
"{93920541-E658-4EAF-A897-C3A4F51A5495}" = lport=137 | protocol=17 | dir=in | app=system |
"{96CE9379-8C59-4124-AC74-BDFEED0E6E6B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9735E29B-085B-44FA-9CCE-D1FB110C1051}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A8A09511-E36E-47C2-A72A-A9CEE2B68B1C}" = rport=139 | protocol=6 | dir=out | app=system |
"{AF6E000A-F7C0-4C5F-ACBF-527232BC9145}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BA00EA41-CEF6-480D-ACA2-8B17CF031788}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D84069AA-D67E-488D-BE97-0EE796EDC0FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E3A0E6F3-0573-4AD2-B46C-F3D6C9563E85}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B89225-D4D3-4AA4-898A-5F30872F2AF2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{1974B17D-9FCF-4978-80CF-BC580DEF4771}" = protocol=6 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{32A42354-83D6-4999-A6A4-D93EE4F6F8D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43FB0FC8-798F-4510-8931-85AAAF4EC93C}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{48D36D0C-1463-428F-A7BE-FC373E667899}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{524F97C3-658D-4C69-81C8-C7CFD6BECD76}" = protocol=17 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{584796A8-8E57-494D-AFAD-20F90E6A3E14}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FC8016D-D74D-46F6-BF48-E51FB10295CA}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{71819097-990E-418B-AEB0-D25150E08CA2}" = protocol=17 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{73D5A79B-882D-47E7-8D9D-5ABD72627C71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{775FCAEC-D7E7-4C91-B569-B72421394B38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7AB0479E-AD45-4723-8C26-ACB13507CD41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C2220E9-041F-4A7B-8086-BFD3BD31885D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{831B8E3C-EBA1-4351-9B60-FA681B5EFF57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9CF141DC-A75F-43C4-8DD1-775E44C7919A}" = protocol=6 | dir=in | app=c:\users\irarref575\appdata\local\apps\2.0\1cedpdx9.z1j\8q3zh6po.5tx\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{CEB49EC0-0ECF-4212-AEAB-6562D0F66586}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D30E1B66-5793-4BCE-9674-6D95DD26875C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD4D1ABC-C2DB-4B9E-A2A4-C69DB847C9B7}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{EBD9B9A8-043B-49B2-BD59-23D48F372714}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{F81CCF73-B251-4EFD-8F9D-06499A3E94AA}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe |
"{FBB6952B-A3F8-4F6F-9AA3-2DE0815AF73D}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe |
"TCP Query User{0C681BFB-5BCB-43FC-BB80-7640C575E2EC}C:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"TCP Query User{1102CEB2-1136-46F9-8DB1-81A311DEE7F8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{147B9FE5-06B0-49CD-8FE8-787DABBD69C0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{1D23D45B-08E2-4D20-A89A-EA54F6130F54}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{2E0CA8F8-E509-4C1E-BEF4-9089FF5C0D8A}D:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe |
"TCP Query User{4F2C8516-669A-4AF2-B0DE-9FE8AFF40B61}D:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe |
"TCP Query User{67AEE045-D564-4E54-BD10-C0FE4845DD10}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{AAF0A85B-6B1C-4981-9EFA-D5E4D32ECF64}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{ACAECD4E-123A-4FAE-9309-CB74AC1F1FB7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{D61F9CA2-24E6-4BC4-ACE9-9E1078F39F99}D:\neuer ordner\cod4\cod4\iw3mp.exe" = protocol=6 | dir=in | app=d:\neuer ordner\cod4\cod4\iw3mp.exe |
"TCP Query User{D8A0D2B4-A941-4AD2-91CE-9A5E5B1C060F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E296349A-C379-44B6-A31E-BAB6640A262E}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"TCP Query User{ECF60BC5-9EC9-494D-B1EC-0490F8CAF1FE}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"UDP Query User{2689C806-7553-4728-A8A4-6F149C96DCEB}D:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steamapps\oz.racing\day of defeat source\hl2.exe |
"UDP Query User{3B3F54F4-0863-4D8A-A307-39E3477A54D5}C:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\irarref575\desktop\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"UDP Query User{3BAAE4DB-74DB-47AD-AB09-5C2EA06BA8F2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4A81A867-E6BC-42F4-A59E-C97FBCB88FD8}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
"UDP Query User{7D0C2B6B-A706-4C51-9970-E6CC81CF1F89}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{8222BDE7-C16B-43AC-994C-57FA1CF6BAD9}D:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\neuer ordner\steam\steamapps\oz.racing\day of defeat source\hl2.exe |
"UDP Query User{8AB6D321-361E-4A08-BADD-36BF0D676D54}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{A39FF9F3-919D-434A-B12E-67D155315506}D:\neuer ordner\cod4\cod4\iw3mp.exe" = protocol=17 | dir=in | app=d:\neuer ordner\cod4\cod4\iw3mp.exe |
"UDP Query User{BA985D21-8843-4846-92B1-04F4EDF46BB4}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{BF6CF929-AE18-4695-9763-D79507A07039}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{CC46F96F-4DC4-4AF3-8188-C014F830D27B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F369DD4E-EB21-452A-9626-5BBCF234594F}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{FD224C18-2BD6-432C-A647-8E116B863710}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{D09E159D-0264-4597-B200-A9B4C0866F25}" = Samsung RAW Converter 4
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem (02/24/2009 4.0)
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{D09E159D-0264-4597-B200-A9B4C0866F25}" = Samsung RAW Converter 4
"Intelli-studio" = SAMSUNG Intelli-studio
"LG Internet Kit" = LG Internet Kit
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mp3tag" = Mp3tag v2.43
"Nokia PC Suite" = Nokia PC Suite
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"TomTom HOME" = TomTom HOME 2.8.1.2218
"Valentin Meteo Data 1.0.24_is1" = Valentin Meteo Data 1.0.24
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.05.2011 09:37:28 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.05.2011 09:38:37 | Computer Name = Holzwurm | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2011 09:46:18 | Computer Name = Holzwurm | Source = EventSystem | ID = 4621
Description =
Error - 03.05.2011 06:35:01 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.05.2011 06:35:01 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.05.2011 06:35:45 | Computer Name = Holzwurm | Source = WinMgmt | ID = 10
Description =
Error - 03.05.2011 06:39:51 | Computer Name = Holzwurm | Source = VSS | ID = 8193
Description =
Error - 03.05.2011 06:44:43 | Computer Name = Holzwurm | Source = VSS | ID = 8193
Description =
Error - 03.05.2011 06:45:29 | Computer Name = Holzwurm | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.05.2011 06:46:45 | Computer Name = Holzwurm | Source = EventSystem | ID = 4621
Description =
[ Media Center Events ]
Error - 30.01.2011 16:01:59 | Computer Name = Holzwurm | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
[ System Events ]
Error - 09.06.2011 14:07:47 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 09.06.2011 14:08:34 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 10:01:20 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 10:02:32 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 10:33:51 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 10:34:41 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 10:52:26 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 10:54:22 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.06.2011 11:02:15 | Computer Name = Holzwurm | Source = Microsoft-Windows-Eventlog | ID = 22
Description =
Error - 10.06.2011 11:03:08 | Computer Name = Holzwurm | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Malwarebytes habe ich durchlaufen lassen aber vergesser vor dem Neustart den Bericht zu sichern. Sorry.
Im Benutzerkonto 2 kommen die Fehlermeldungen nicht. Ich kann aber auf keine Dateien meines Kontos zugreifen. Alles leer bzw. wird nicht angezeigt.
Danke
Wer suchet der findet Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6826
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
10.06.2011 16:50:31
mbam-log-2011-06-10 (16-50-31).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168851
Laufzeit: 4 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hupbXGtblaxktVF (Trojan.FakeAlert) -> Value: hupbXGtblaxktVF -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Wer suchet der findet
Infizierte Dateien:
c:\programdata\hupbxgtblaxktvf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\39968504.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\9186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\91B6.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\9840.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\irarref575\AppData\Local\Temp\tmp9138.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Ist das ein Virus? Kann ich irgendwie an meine Daten kommen?
Für Hilfe bin ich sehr dankbar.
Gruß Christian |
