Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4052
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702
25.05.2010 12:27:30
mbam-log-2010-05-25 (12-27-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 206158
Laufzeit: 1 Stunde(n), 4 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4
Infizierte Speicherprozesse:
C:\Users\***\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opqnlisys (Trojan.Vundo) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Users\Sommer\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RPVZM7B\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4NV2ZYQ\kkemu[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\khgdab.dll (Trojan.Vundo) -> Delete on reboot.
Code:
OTL logfile created on: 25.05.2010 13:00:09 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 32,90 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 131,80 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 18:48:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 18:48:55 | 000,000,000 | ---D | M]
[2009.03.27 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.23 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions
[2010.05.23 14:00:35 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.18 20:17:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ikjg0ue5.default\extensions\searchrecs@veoh.com
[2010.05.23 21:08:40 | 000,000,955 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ikjg0ue5.default\searchplugins\icqplugin.xml
[2010.05.24 00:08:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.27 21:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.01 05:29:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.02.19 16:10:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:10:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:10:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:10:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:10:01 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [fccyyasys] c:\users\***\appdata\local\temp\khgdab.DLL File not found
O4 - HKCU..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe (Fujitsu Siemens)
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\***\AppData\Local\Temp\idiox5j.exe File not found
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\***\AppData\Local\Temp\user.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\***\AppData\Local\Temp\Icx.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CA38EC3E-4521-4876-B18E-8C3D9B92694C} hxxp://ongamenet.com/uploadfiles/service/module/OGNChatModule.cab (OGNChatModule Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell - "" = AutoRun
O33 - MountPoints2\{6ecb3626-ad1f-11de-80e1-00238b6321c7}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found
O33 - MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell - "" = AutoRun
O33 - MountPoints2\{94d78459-ca00-11de-bda1-00225f5c4026}\Shell\AutoRun\command - "" = F:\BOOT.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.05.25 12:59:23 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.25 12:35:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.05.24 19:44:09 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.05.24 19:44:09 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.24 19:42:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.05.24 18:58:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.24 18:58:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.24 18:57:51 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.com
[2010.05.24 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.05.24 18:45:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.24 18:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.24 17:23:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.24 15:13:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fujitsu
[2010.05.24 15:13:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Fujitsu
[2010.05.24 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Overflow
[2010.05.24 11:29:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2010.05.24 11:25:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DNA
[2010.05.24 11:25:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DNA
[2010.05.24 00:01:30 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010.05.17 15:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2010.05.17 15:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.01 08:38:45 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2010.05.01 08:34:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero
========== Files - Modified Within 30 Days ==========
[2010.05.25 13:01:49 | 002,359,296 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.05.25 12:59:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.25 12:57:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.25 12:56:58 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.25 12:56:58 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.25 12:56:58 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.25 12:56:58 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.25 12:56:58 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.25 12:30:01 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.05.25 12:29:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 12:29:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 12:29:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.25 12:29:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.25 12:29:29 | 3047,837,696 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.25 12:28:41 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 12:28:41 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.25 12:28:39 | 003,847,725 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.24 19:40:56 | 000,824,681 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.05.24 19:40:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.05.24 19:01:03 | 000,071,528 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.24 19:00:17 | 000,298,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.24 18:58:27 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.24 18:55:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.com
[2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\LTAW14FN.BIN
[2010.05.24 14:58:54 | 000,000,256 | -H-- | M] () -- C:\Windows\System32\FJLTAFOU.BIN
[2010.05.24 14:46:27 | 000,000,779 | ---- | M] () -- C:\Users\***\Documents\Temp - Verknüpfung.lnk
[2010.05.24 14:46:27 | 000,000,779 | ---- | M] () -- C:\Users\***\Desktop\Temp - Verknüpfung.lnk
[2010.05.24 13:22:06 | 000,027,136 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.23 14:29:23 | 000,003,321 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922P.manifest
[2010.05.23 14:27:35 | 000,182,272 | ---- | M] () -- C:\ProgramData\dhcpsapi32.dll
[2010.05.23 14:27:35 | 000,000,013 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922C.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922S.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922O.manifest
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.01 08:37:58 | 000,000,000 | ---- | M] () -- C:\Windows\Irremote.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010.05.24 19:42:37 | 000,824,681 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.05.24 18:58:27 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.24 14:58:54 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\LTAW14FN.BIN
[2010.05.24 14:58:54 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\FJLTAFOU.BIN
[2010.05.24 14:46:27 | 000,000,779 | ---- | C] () -- C:\Users\***\Documents\Temp - Verknüpfung.lnk
[2010.05.24 14:46:27 | 000,000,779 | ---- | C] () -- C:\Users\***\Desktop\Temp - Verknüpfung.lnk
[2010.05.23 14:27:35 | 000,182,272 | ---- | C] () -- C:\ProgramData\dhcpsapi32.dll
[2010.05.23 14:27:35 | 000,003,321 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922P.manifest
[2010.05.23 14:27:35 | 000,000,013 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922C.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922S.manifest
[2010.05.23 14:27:35 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\020000006ac3f672922O.manifest
[2010.05.23 14:27:23 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.01 08:38:45 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2010.05.01 08:37:58 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.24 22:53:39 | 000,000,020 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2009.09.29 19:41:24 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.13 21:54:56 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.07.16 20:01:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.16 20:01:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.16 20:01:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.04.19 14:59:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.27 17:24:43 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.10 15:12:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.11 20:51:40 | 000,223,232 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
========== Files - Unicode (All) ==========
[2010.05.24 17:11:13 | 000,001,910 | ---- | M] ()(C:\Users\***\Documents\???????.lnk) -- C:\Users\***\Documents\スクールディズ.lnk
[2010.05.24 11:59:49 | 000,001,910 | ---- | C] ()(C:\Users\***\Documents\???????.lnk) -- C:\Users\***\Documents\スクールディズ.lnk
< End of report >
Code:
OTL Extras logfile created on: 25.05.2010 13:00:09 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 32,90 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 131,80 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B062B9-93FF-4C50-B2FF-EBC187559172}" = lport=139 | protocol=6 | dir=in | app=system |
"{02045E50-EBD3-4872-ADDE-204373EAED95}" = lport=137 | protocol=17 | dir=in | app=system |
"{2F35CEDA-CB9B-44CD-B2D4-76C73688D304}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4894008F-6D59-4B7F-A737-982D4032EF46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6086BDE8-2C4C-4239-A1F8-880CF65E3B0E}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A087D7C-48D8-4833-838C-F1593780A067}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2062885-74B4-4810-BBCC-A211D810B643}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADED89C8-F11B-4048-991A-9E6CAD9D492D}" = rport=445 | protocol=6 | dir=out | app=system |
"{B60D0FA1-353C-42AE-92CC-F85623AB5692}" = rport=138 | protocol=17 | dir=out | app=system |
"{D5BC0AF5-3562-4C9A-8A87-57E67F2B5AEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D8F918DA-34B9-448F-848D-016EECD0A5A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{E5972430-80BA-43DA-A4FF-1C5DD1FEDAA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8D8610-62FD-422F-92DB-20D5BC9E4AF3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{0FDDAB68-6F18-4B46-A242-8E1398D6430D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1A606759-8516-4AAA-BD18-593EF9CCC156}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3152476D-E394-41ED-812B-06F0C244C11B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3D040730-F6C2-4B92-947B-892106A3AE04}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{415105D3-9E50-4BF9-B3FB-B2E523BE2A6A}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{48049245-7B91-4583-83F2-DB3281DD2234}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{62BD05C4-6F4B-412A-BDDE-C10EE5B49B79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{65417830-2EA4-4A70-8FCF-0590955B6380}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6CE9C0E1-7567-4170-90F1-4EDFD3F314BE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{70FEA5A7-07AD-4338-8D38-3DD9A58A7352}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{727D98A8-A42C-40E6-9C34-ADFBCC1DE740}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{7EEF0A98-E621-4A78-8E0E-76324D7464A9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{83ED41C4-2C5E-4367-93B7-420B78A5C3A1}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{85F0F8EA-B4F4-4A86-BBA4-8943E7F572BF}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9E585A28-A6E6-43DE-A1DE-B9A8D3683627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACDB7FAC-6B0D-44C9-A5C6-0D76F1280DC1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B661DA2B-7D63-4375-B16F-6BBC897840B4}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C678ECCB-1BA6-4AD5-9F92-653F0FA85D68}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CF3C9125-9391-4EF2-BE18-CF5996EB0D0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D42129D2-F41B-45D2-942B-79C7D3222748}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D53D4B7F-AED7-41B3-95A9-20022E4FCF50}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{F377F3BD-834E-460B-9EE9-745AB933E38D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F88866A6-211F-4C69-98FD-092D51DB1A3B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{019F574D-B542-4FD5-A4CF-09815D8E4DB7}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{154C01A2-0FEE-47C7-A12B-D5C01C1239C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{94A0B690-C76A-470D-8707-833809743274}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9ACAF55F-9672-4B44-9B11-3C94203B0B03}C:\program files\microprose\risiko ii\riskii.icd" = protocol=6 | dir=in | app=c:\program files\microprose\risiko ii\riskii.icd |
"TCP Query User{C7429DE0-B195-4A63-B47A-4593AFC9F3AB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{FA0841A9-42AB-4F2A-A39E-5D26753C492B}C:\users\***\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files\dna\btdna.exe |
"UDP Query User{008CD2E9-47A1-4E4D-B877-34115D6E0459}C:\program files\microprose\risiko ii\riskii.icd" = protocol=17 | dir=in | app=c:\program files\microprose\risiko ii\riskii.icd |
"UDP Query User{14480D39-44D2-4461-94EB-2E699DF49CB3}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{3096F6D1-E3E9-48A3-A6E8-554C1F61F5AC}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{3F26720A-D46F-43A5-9227-F31ED52E16C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{577AB4F1-4743-43A5-BCA1-9B1FD74BDFA6}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe |
"UDP Query User{5CEC4972-6EEE-4883-AD3A-5FEFB25B6B52}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0590BB91-B280-4BAB-95D7-D6558117D27C}" = SA304x Device Manager
"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA304x Media Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8FF800ED-97BB-4F68-AC79-A3CD20496157}" = SchoolDays
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B72CF634-2F89-478A-86E7-96F80CDAF284}" = SA304x Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"RealAlt_is1" = Real Alternative 1.9.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.05.2010 13:13:55 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3726, Zeitstempel
0x4b9e5a0c, fehlerhaftes Modul xul.dll, Version 1.9.1.3726, Zeitstempel 0x4b9e59d7,
Ausnahmecode 0xc0000005, Fehleroffset 0x006a6064, Prozess-ID 0x9d0, Anwendungsstartzeit
01caf8fd29953b89.
Error - 22.05.2010 09:19:14 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 22.05.2010 09:19:14 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 22.05.2010 09:19:55 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
Error - 23.05.2010 08:27:15 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Icv.exe, Version 0.0.0.0, Zeitstempel 0x4a19d3f2,
fehlerhaftes Modul msvcrt.dll, Version 7.0.6001.18000, Zeitstempel 0x4791a727,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a1b4, Prozess-ID 0x44c, Anwendungsstartzeit
01cafa7345fbde09.
Error - 23.05.2010 08:27:17 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Icw.exe, Version 0.0.0.0, Zeitstempel 0x49b6f3e3,
fehlerhaftes Modul MSVCRT.DLL, Version 7.0.6001.18000, Zeitstempel 0x4791a727,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a1b4, Prozess-ID 0x7a8, Anwendungsstartzeit
01cafa7347c81289.
Error - 23.05.2010 09:36:57 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 23.05.2010 09:36:57 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 23.05.2010 09:37:13 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =
< End of report >
^ Scheinbar hat Avira Antivir vorher sdra64.exe in Quarantäne verschoben... |
