Langsamer PC und befallen von Spyware |
||
|---|---|---|
| #0
| ||
|
10.03.2008, 23:57
Member
Beiträge: 79 |
||
 
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Kann ma jemand bitte die Logs anschauen und gugn ob was nicht entfernt wurde!
1. ATF ist Ok
------------------------------------------------------------------
2. Combofix:
ComboFix 08-03-09.4 - Andre 2008-03-10 12:39:26.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2026 [GMT 1:00]
Running from: D:\Users\Andre\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.
2008-03-10 12:39 . 2008-03-10 12:39 6,736 --a------ D:\Windows\System32\drivers\PROCEXP90.SYS
2008-03-07 23:32 . 2008-03-07 23:32 <DIR> d-------- D:\Windows\LastGood.Tmp
2008-03-07 23:31 . 2008-03-07 23:31 <DIR> d-------- D:\Program Files\Microsoft Silverlight
2008-03-07 22:07 . 2008-03-07 22:07 <DIR> d-------- D:\ProgramData\Malwarebytes
2008-03-07 22:07 . 2008-03-07 22:07 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-03-07 22:06 . 2008-03-07 22:06 <DIR> d-------- D:\Users\Andre\AppData\Roaming\Download Manager
2008-03-04 03:03 . 2008-03-08 11:06 <DIR> d-------- D:\Users\Andre\AppData\Roaming\skypePM
2008-03-04 03:03 . 2008-03-04 03:03 32 --a------ D:\ProgramData\ezsid.dat
2008-03-04 03:02 . 2008-03-08 11:07 <DIR> d-------- D:\Users\Andre\AppData\Roaming\Skype
2008-03-04 03:02 . 2008-03-04 03:02 <DIR> d-------- D:\Program Files\Common Files\Skype
2008-03-01 15:48 . 2008-03-01 15:48 <DIR> d-------- D:\Users\Andre\Neuer Ordner
2008-02-29 11:43 . 2008-02-29 11:43 215,144 --a------ D:\Windows\patchw32.dll
2008-02-29 11:31 . 2008-02-29 11:31 <DIR> d-------- D:\ProgramData\THQ
2008-02-29 01:12 . 2008-02-29 01:12 <DIR> d-------- D:\Program Files\SP
2008-02-28 21:36 . 2008-02-28 21:41 <DIR> d-------- D:\Program Files\Wallpaper Changer
2008-02-26 14:44 . 2008-02-26 14:44 <DIR> d-------- D:\Users\Andre\AppData\Roaming\Apple Computer
2008-02-26 14:40 . 2008-02-26 14:40 <DIR> d-------- D:\ProgramData\Apple
2008-02-26 14:40 . 2008-02-26 14:41 <DIR> d-------- D:\Program Files\Safari
2008-02-26 14:40 . 2008-02-26 14:40 <DIR> d-------- D:\Program Files\Bonjour
2008-02-26 14:40 . 2008-02-26 14:40 <DIR> d-------- D:\Program Files\Apple Software Update
2008-02-23 00:59 . 2008-01-08 21:00 799,424 -ra------ D:\Windows\System32\tmpEBFA.tmp
2008-02-23 00:59 . 2008-01-08 21:00 799,424 -ra------ D:\Windows\System32\tmpEAA2.tmp
2008-02-14 06:56 . 2008-02-14 06:56 118,784 --a------ D:\Windows\System32\drivers\Rtlh86.sys
2008-02-13 12:06 . 2008-02-13 12:06 194,560 --a------ D:\Windows\System32\WebClnt.dll
2008-02-13 12:06 . 2008-02-13 12:06 110,080 --a------ D:\Windows\System32\drivers\mrxdav.sys
2008-02-13 12:02 . 2008-02-13 12:02 3,504,696 --a------ D:\Windows\System32\ntkrnlpa.exe
2008-02-13 12:02 . 2008-02-13 12:02 3,470,392 --a------ D:\Windows\System32\ntoskrnl.exe
2008-02-13 12:02 . 2008-02-13 12:02 154,624 --a------ D:\Windows\System32\drivers\nwifi.sys
2008-02-13 12:02 . 2008-02-13 12:02 109,624 --a------ D:\Windows\System32\drivers\ataport.sys
2008-02-13 12:02 . 2008-02-13 12:02 45,112 --a------ D:\Windows\System32\drivers\pciidex.sys
2008-02-13 12:02 . 2008-02-13 12:02 21,560 --a------ D:\Windows\System32\drivers\atapi.sys
2008-02-13 12:02 . 2008-02-13 12:02 15,928 --a------ D:\Windows\System32\drivers\pciide.sys
2008-02-13 12:01 . 2008-02-13 12:01 4,247,552 --a------ D:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 12:01 . 2008-02-13 12:01 1,686,528 --a------ D:\Windows\System32\gameux.dll
2008-02-13 12:01 . 2008-02-13 12:01 803,328 --a------ D:\Windows\System32\drivers\tcpip.sys
2008-02-13 12:01 . 2008-02-13 12:01 216,632 --a------ D:\Windows\System32\drivers\netio.sys
2008-02-13 12:01 . 2008-02-13 12:01 167,424 --a------ D:\Windows\System32\tcpipcfg.dll
2008-02-13 12:01 . 2008-02-13 12:01 24,064 --a------ D:\Windows\System32\netcfg.exe
2008-02-13 12:01 . 2008-02-13 12:01 22,016 --a------ D:\Windows\System32\netiougc.exe
2008-02-13 11:59 . 2008-02-13 11:59 1,244,672 --a------ D:\Windows\System32\mcmde.dll
2008-02-13 10:26 . 2008-02-13 10:28 <DIR> d-------- D:\Program Files\ICQ6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 09:32 --------- d-----w D:\Users\Andre\AppData\Roaming\uTorrent
2008-03-06 02:07 22,328 ----a-w D:\Windows\system32\drivers\PnkBstrK.sys
2008-03-06 02:07 107,832 ----a-w D:\Windows\System32\PnkBstrB.exe
2008-03-05 11:42 --------- d-----w D:\Program Files\Common Files\Steam
2008-03-05 11:40 4,076 --sha-w D:\Windows\System32\KGyGaAvL.sys
2008-03-04 03:53 78,336 ----a-w D:\Windows\System32\ieencode.dll
2008-03-04 03:52 830,464 ----a-w D:\Windows\System32\wininet.dll
2008-03-04 03:52 47,616 ----a-w D:\Windows\AppPatch\iebrshim.dll
2008-03-04 03:52 41,984 ----a-w D:\Windows\System32\licmgr10.dll
2008-03-04 03:52 26,624 ----a-w D:\Windows\System32\ieUnatt.exe
2008-03-04 03:52 20,480 ----a-w D:\Windows\System32\PDMSetup.exe
2008-03-04 03:52 17,920 ----a-w D:\Windows\System32\corpol.dll
2008-03-04 03:52 142,848 ----a-w D:\Windows\System32\IESetting.dll
2008-03-04 03:52 13,824 ----a-w D:\Windows\System32\SetIEInstalledDate.exe
2008-03-04 03:52 13,824 ----a-w D:\Windows\System32\SetDepNx.exe
2008-03-04 03:51 69,120 ----a-w D:\Windows\System32\iesetup.dll
2008-03-04 03:51 69,120 ----a-w D:\Windows\System32\admparse.dll
2008-03-04 03:51 66,560 ----a-w D:\Windows\System32\wextract.exe
2008-03-04 03:51 168,448 ----a-w D:\Windows\System32\iexpress.exe
2008-03-04 03:50 48,128 ----a-w D:\Windows\System32\mshtmler.dll
2008-03-04 03:50 45,568 ----a-w D:\Windows\System32\mshta.exe
2008-03-04 03:50 36,352 ----a-w D:\Windows\System32\imgutil.dll
2008-03-04 02:02 --------- d-----w D:\ProgramData\Skype
2008-03-04 02:02 --------- d-----w D:\Program Files\Skype
2008-03-01 14:45 --------- d-----w D:\Users\Andre\AppData\Roaming\Ahead
2008-03-01 14:45 --------- d-----w D:\ProgramData\Ahead
2008-02-29 10:32 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 10:32 --------- d-----w D:\Program Files\AGEIA Technologies
2008-02-29 10:16 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-02-23 00:01 --------- d-----w D:\Program Files\DAEMON Tools
2008-02-22 23:59 418,480 ----a-w D:\Windows\System32\wrap_oal.dll
2008-02-22 23:59 115,432 ----a-w D:\Windows\System32\OpenAL32.dll
2008-02-18 22:18 --------- d-----w D:\Users\Andre\AppData\Roaming\ICQ
2008-02-15 01:58 --------- d-----w D:\Program Files\Common Files\Adobe
2008-02-14 15:31 --------- d-----w D:\Program Files\DivX
2008-02-13 11:02 --------- d-----w D:\ProgramData\Microsoft Help
2008-02-13 11:01 537,600 ----a-w D:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:01 449,536 ----a-w D:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:01 2,144,256 ----a-w D:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:01 173,056 ----a-w D:\Windows\AppPatch\AcXtrnal.dll
2008-02-12 16:21 --------- d-----w D:\Program Files\OO Software
2008-01-30 01:14 --------- d-----w D:\Program Files\Trojancheck 6
2008-01-29 23:20 --------- d-----w D:\Program Files\EVEREST Ultimate Edition 4.2
2008-01-29 13:57 --------- d-----w D:\Program Files\Setup Files
2008-01-29 12:37 673,546 ----a-w D:\Windows\System32\unins000.exe
2008-01-29 00:18 --------- d-----w D:\Users\Andre\AppData\Roaming\TeamViewer
2008-01-29 00:17 --------- d-----w D:\Program Files\TeamViewer3
2008-01-26 13:27 --------- d-----w D:\Program Files\mp3split
2008-01-26 13:25 --------- d-----w D:\Program Files\SuperAudiotool
2008-01-24 09:50 --------- d-----w D:\ProgramData\NVIDIA
2008-01-23 16:04 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-01-14 20:12 --------- d-----w D:\Users\Andre\AppData\Roaming\GetRight
2008-01-14 19:43 --------- d-----w D:\Program Files\GetRight
2008-01-11 17:20 --------- d-----w D:\Program Files\Google
2008-01-11 10:49 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-01-11 03:37 --------- d-----w D:\Users\Andre\AppData\Roaming\Camfrog
2008-01-10 22:18 --------- d-----w D:\Program Files\Windows Sidebar
2008-01-10 22:18 --------- d-----w D:\Program Files\Windows Mail
2008-01-10 17:13 211,000 ----a-w D:\Windows\system32\drivers\volsnap.sys
2008-01-10 17:13 11,776 ----a-w D:\Windows\System32\sbunattend.exe
2008-01-10 17:13 1,060,920 ----a-w D:\Windows\system32\drivers\ntfs.sys
2008-01-04 21:59 524,288 ----a-w D:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w D:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w D:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w D:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w D:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w D:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w D:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w D:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w D:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w D:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w D:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w D:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w D:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w D:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w D:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w D:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w D:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w D:\Windows\System32\DivXWMPExtType.dll
2007-12-17 21:40 669,184 ----a-w D:\Windows\System32\pbsvc.exe
2007-12-17 21:40 22,328 ----a-w D:\Users\Andre\AppData\Roaming\PnkBstrK.sys
2007-12-14 18:25 9,728 ----a-w D:\Windows\System32\LAPRXY.DLL
2007-12-14 18:25 223,232 ----a-w D:\Windows\System32\WMASF.DLL
2007-12-14 18:25 1,327,104 ----a-w D:\Windows\System32\quartz.dll
2007-12-11 16:06 753,664 ----a-w D:\Windows\System32\nvcplui.exe
2007-12-11 16:06 307,200 ----a-w D:\Windows\System32\nvexpbar.dll
2007-12-11 16:06 1,073,152 ----a-w D:\Windows\System32\nvcpluir.dll
2007-10-09 20:24 23,766,640 ----a-w D:\Users\Andre\DivXBundle.exe
2007-10-09 07:49 2,028,108 ----a-w D:\Users\Andre\mplayerc_20070918.zip
2007-09-27 23:54 174 --sha-w D:\Program Files\desktop.ini
2007-10-07 13:06 16,384 --sha-w D:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-07 13:06 32,768 --sha-w D:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-07 13:06 16,384 --sha-w D:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-05 17:33 88 --sh--r D:\Windows\System32\CC77A9A79A.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"EVEREST AutoStart"="D:\Program Files\EVEREST Ultimate Edition\everest.exe" [2006-07-16 00:00 47104]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 18:13 1232896]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 20:34 5724184]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 01:43 4670704]
"ehTray.exe"="D:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"WallPaper"="D:\PROGRA~1\WALLPA~1\WALLPA~1.exe" [2001-06-10 18:28 246272]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2007-09-28 00:41 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 08:51 4435968 D:\Windows\RtHDVCpl.exe]
"MSConfig"="D:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 21:38 249896]
"Launch LGDCore"="D:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-27 02:22 1132056]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"WinSys2"="D:\Windows\system32\startup.exe" [2006-06-01 06:21 53248]
"NvCplDaemon"="D:\Windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"NvMediaCenter"="D:\Windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Wallpaper"="" []
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Creative Konsole Starter.lnk - D:\Program Files\Creative\Console Launcher\ConsoLCu.exe [2007-11-07 05:52:42 217088]
DualCoreCenter.lnk - D:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2007-09-27 10:17:06 192512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=D:\Windows\pss\DualCoreCenter.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchpad.lnk]
path=D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchpad.lnk
backup=D:\Windows\pss\Launchpad.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk]
path=D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG311v2 Smart Configuration.lnk
backup=D:\Windows\pss\NETGEAR WG311v2 Smart Configuration.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^X-Micro WLAN 11g PCMCIA Card Configuration Utility.lnk]
path=D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X-Micro WLAN 11g PCMCIA Card Configuration Utility.lnk
backup=D:\Windows\pss\X-Micro WLAN 11g PCMCIA Card Configuration Utility.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\D:^Users^Andre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CPUCooL.lnk]
path=D:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk
backup=D:\Windows\pss\CPUCooL.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\D:^Users^Andre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=D:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=D:\Windows\pss\DualCoreCenter.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 19:45 63712 D:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-30 00:03 36864 D:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-10-31 01:52 531784 D:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2007-10-26 06:56 19456 D:\Windows\System32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2007-10-26 06:56 19968 D:\Windows\System32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 13:34 125440 D:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2007-12-19 15:48 172280 D:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a------ 2007-03-20 14:36 36864 D:\Windows\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 20:34 5724184 D:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-02 00:57 153136 D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall]
D:\Program Files\Outpost Firewall\outpost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
D:\Program Files\Outpost Firewall\feedback.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-10 18:13 1232896 D:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 D:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-04-13 08:36 1822720 D:\Windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-04 19:38 1266936 n:\steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 12:00 132496 D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
%windir%\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 13:32 2159104 D:\Windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
--a------ 2006-06-01 06:21 53248 D:\Windows\system32\startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-31 01:43 4670704 D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8544C40F-7BCC-41E0-962A-31F5824BF93E}"= UDP:K:\BF2142\BF2142.exe:Battlefield 2
"{833B31FB-545D-4D7D-BAEC-1C22B1957EE5}"= TCP:K:\BF2142\BF2142.exe:Battlefield 2
"TCP Query User{F86F756D-7E8D-4CCA-9559-F025729CB2E3}D:\program files\gamespy\comrade\comrade.exe"= UDP
"UDP Query User{02E0BA4A-7CEA-4E4D-92FA-E26A68B268B2}D:\program files\gamespy\comrade\comrade.exe"= TCP
"TCP Query User{D27CED94-39D9-4D89-B8B2-45F60C29BB43}D:\program files\icq6\icq.exe"= UDP
"UDP Query User{4740C1AA-3663-4347-BABE-167DDE979B00}D:\program files\icq6\icq.exe"= TCP
"TCP Query User{2E749447-1577-442A-B1D3-37AD3B231233}K:\call of duty 2\cod2mp_s.exe"= UDP:K:\call of duty 2\cod2mp_s.exe:CoD2MP_s|Desc=CoD2MP_s
"UDP Query User{311C1BDC-7F7F-45EE-BAB5-58C3F44645C3}K:\call of duty 2\cod2mp_s.exe"= TCP:K:\call of duty 2\cod2mp_s.exe:CoD2MP_s|Desc=CoD2MP_s
"{5805D515-1C92-428C-88D0-1CBE723FFEF9}"= UDP:N:\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{B4A1ECE0-9540-4B68-AE21-0E6EB6F870D3}"= TCP:N:\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"TCP Query User{11BA4674-76C8-42B3-A5E5-CF861EFB7D81}K:\bf2142\bf2142.exe"= UDP:K:\bf2142\bf2142.exe:BF2142|Desc=BF2142
"UDP Query User{997520C0-4783-44EF-B362-20317C061FB1}K:\bf2142\bf2142.exe"= TCP:K:\bf2142\bf2142.exe:BF2142|Desc=BF2142
"TCP Query User{845FD98E-19AC-4170-9C6E-BF7F971630A7}D:\program files\icq6\icq.exe"= UDP
"UDP Query User{1B7CED59-586B-4D16-B649-AA56A2CFDBD5}D:\program files\icq6\icq.exe"= TCP
"TCP Query User{EF473982-A119-4FD3-B026-5977DAA55791}D:\program files\utorrent\utorrent.exe"= UDP
"UDP Query User{DC696B1B-7FA6-454B-AA5C-0C4C2B298D7D}D:\program files\utorrent\utorrent.exe"= TCP
"TCP Query User{31134AF1-C1DE-43A0-A027-C91B2E068CD1}D:\program files\java\jre1.6.0_02\bin\java.exe"= UDP
"UDP Query User{081EA563-8F05-465F-B16B-5436D4A3201B}D:\program files\java\jre1.6.0_02\bin\java.exe"= TCP
"TCP Query User{7EA5F32E-0DCD-479F-ABD6-BE0F3230B58C}D:\program files\utorrent\utorrent.exe"= UDP
"UDP Query User{157FEC98-2763-470F-B58C-A568B7FC2061}D:\program files\utorrent\utorrent.exe"= TCP
"{72BA1D41-B5A6-4EA1-A81D-9D4F5C3C35A0}"= TCP:6004|D:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{248B6134-C3A4-413C-BC29-6346B656E16D}"= UDP:K:\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{18A9F504-C1FA-421F-8C19-5DEEAC63A97D}"= TCP:K:\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{3A3A4C72-053D-4DDF-8AFB-A636CBFD743C}"= UDP:K:\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{6975D6B9-234E-44BA-8853-7379787F3886}"= TCP:K:\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{3EE9648B-35F8-4E3F-A1BB-CA4020B51839}"= UDP:K:\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{E64BE4A0-A473-4D0A-8605-A79CB725525D}"= TCP:K:\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{04DE5409-05FA-46CE-9396-8DCEF3904542}D:\program files\skype\phone\skype.exe"= UDP
"UDP Query User{70BB3999-BCB9-47F8-B211-A21BB5584549}D:\program files\skype\phone\skype.exe"= TCP
"TCP Query User{070D0034-485C-431C-A396-F4DE4622B576}D:\program files\joost\xulrunner\tvprunner.exe"= UDP
"UDP Query User{DCDCB476-D709-4B12-82AD-71F53E86B12F}D:\program files\joost\xulrunner\tvprunner.exe"= TCP
"TCP Query User{719B6361-1AB5-4920-A900-F91370DDAB05}D:\program files\internet explorer\iexplore.exe"= UDP
"UDP Query User{CB9E2589-897D-4A1E-BA74-1278E0F2EFB6}D:\program files\internet explorer\iexplore.exe"= TCP
"{F2577C0C-B0E1-44B3-99CE-CCE4333E7F67}"= UDP
"{5318390E-8424-4E1D-9BBA-73184CEBD6DA}"= TCP
"{367423D3-6DD2-4D0F-9933-2DB8B494653F}"= UDP
"{4F46B097-B9C5-4A54-AF54-71EC4318FE4F}"= TCP
"{0CA60604-1BBD-4BB1-B8E5-115D4B38252A}"= D:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{2EB39A8F-4934-410D-B55D-6ABF3BD36992}"= UDP
"{E2DDD710-C0C0-4789-A73A-BEBCC24E19AF}"= TCP
"{C0980A7E-5D7C-4ED2-AE87-A51BDC008683}"= UDP
"{B3D2E11B-06E4-42E9-9F5D-9DAB2642A85F}"= TCP
"TCP Query User{951F9165-90FF-4122-ADCD-8B8A8F455AA2}D:\program files\gamespy\comrade\comrade.exe"= UDP
"UDP Query User{D3A421A0-4386-40BE-895F-D67A7AEB3117}D:\program files\gamespy\comrade\comrade.exe"= TCP
"TCP Query User{79DC0FB1-D2B7-43F6-B278-174D00907519}D:\program files\bpftp server\bpftpserver.exe"= Disabled:UDP
"UDP Query User{70382308-8C8D-400B-972F-54F7252FAA10}D:\program files\bpftp server\bpftpserver.exe"= Disabled:TCP
"{5F970876-571F-43D9-92D3-3178C325E388}"= Disabled:UDP
"{77D2B6E5-E02A-44A2-A3EE-40041E16D87C}"= Disabled:TCP
"TCP Query User{19C128B2-A5B2-42DF-B984-775352F3B719}K:\america's army\system\armyops.exe"= UDP:K:\america's army\system\armyops.exe:ArmyOps|Desc=ArmyOps
"UDP Query User{FDAD43A2-4ED4-451D-B677-F0CD9CBD263A}K:\america's army\system\armyops.exe"= TCP:K:\america's army\system\armyops.exe:ArmyOps|Desc=ArmyOps
"{E4A90DFC-70EE-4834-BF2D-F18EE4F1B6FB}"= UDP:K:\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E2D8F04E-7C19-4D3A-81F5-4B8EA9A0EA7C}"= TCP:K:\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{6A85AD9C-B15E-410F-AC23-42209CD70FD7}D:\program files\yahoo!\messenger\yahoomessenger.exe"= UDP
"UDP Query User{D327FDD0-A737-4F99-A5AF-3A96F4483A79}D:\program files\yahoo!\messenger\yahoomessenger.exe"= TCP
"TCP Query User{53173A07-AFF8-4817-B9F4-D927F67B4CA3}K:\call of duty 4 - modern warfare\iw3mp.exe"= UDP:K:\call of duty 4 - modern warfare\iw3mp.exe:iw3mp|Desc=iw3mp
"UDP Query User{14D8B8D9-91AE-456D-A7F8-CF4E9E3CECA3}K:\call of duty 4 - modern warfare\iw3mp.exe"= TCP:K:\call of duty 4 - modern warfare\iw3mp.exe:iw3mp|Desc=iw3mp
"{F3A2A5A2-37BF-44E5-BFAB-A1015E9DD974}"= UDP
"{A236B077-2360-48A2-9CDC-4BB20FDF0005}"= TCP
"{77108CAD-186C-4FA7-9902-D0DA55C067A6}"= UDP
"{A7414B23-2595-41AE-A031-352E7AAB4763}"= TCP
"{A1F1C6AA-F4CC-45B6-B0F0-93A89B518F33}"= UDP
"{7CCAFA66-4FA1-4835-AAF2-95E342DBB71F}"= TCP
"{7B90A3EE-79F8-4441-ADCF-50980D8B4004}"= UDP
"{15C0AEE3-781A-4431-BA78-86C8D6565612}"= TCP
"TCP Query User{31828623-CC8D-4A93-865B-E9FF103DD90C}D:\program files\camfrog\camfrog video chat\camfrog video chat.exe"= UDP
"UDP Query User{9E704E39-EFB3-4A97-AAAA-91B82F08BB2E}D:\program files\camfrog\camfrog video chat\camfrog video chat.exe"= TCP
"TCP Query User{F984753F-C6FD-43C4-831C-E34A097446ED}N:\steam\steamapps\duaffentier\team fortress 2\hl2.exe"= UDP:N:\steam\steamapps\duaffentier\team fortress 2\hl2.exe:hl2|Desc=hl2
"UDP Query User{557646A7-1BB2-46AC-876E-C7FCE5E11667}N:\steam\steamapps\duaffentier\team fortress 2\hl2.exe"= TCP:N:\steam\steamapps\duaffentier\team fortress 2\hl2.exe:hl2|Desc=hl2
"TCP Query User{864FCAE1-9195-472B-A511-F141DE8A62D9}N:\company of heroes\reliccoh.exe"= UDP:N:\company of heroes\reliccoh.exe:RelicCOH|Desc=RelicCOH
"UDP Query User{22945D81-783E-4B89-B314-A3B7B0FCD0B0}N:\company of heroes\reliccoh.exe"= TCP:N:\company of heroes\reliccoh.exe:RelicCOH|Desc=RelicCOH
"{6C27C97A-0695-491C-8769-0B9A470FEC9C}"= UDP
"{669ED8AC-374F-4E3B-9EF2-46DE11BBEE1A}"= TCP
"{2795AC8F-8C8D-40F5-A444-13079329A041}"= UDP:N:\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{479D4623-AAF1-47C8-9EF7-0A2E0293FD60}"= TCP:N:\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 DNS2GoClient;DNS2Go Client;D:\Program Files\Deerfield.com\DNS2Go\DNS2GoClient.exe [2005-08-10 17:04]
R2 RapiMgr;Windows Mobile-based device connectivity;D:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 TeamViewer;TeamViewer 3;"D:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service []
R2 WcesComm;Windows Mobile-2003-based device connectivity;D:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 DualCoreCenter;DualCoreCenter;D:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [2007-04-17 22:42]
R3 ha20x2k;Creative 20X HAL Driver;D:\Windows\system32\drivers\ha20x2k.sys [2007-10-26 08:33]
R3 NETGEAR;Netgear 802.11 Network Adapter Driver;D:\Windows\system32\DRIVERS\wn311b.sys [2006-11-13 09:08]
R3 RTL8169;Realtek 8169 NT Driver;D:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 06:56]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;D:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"D:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2007-11-07 05:49]
S3 DCamUSBUVT;TerraCam USB;D:\Windows\system32\Drivers\usbuvt.sys [2003-08-29 18:47]
S3 drhard;DRHARD;D:\Windows\system32\DRIVERS\DRHARD.SYS [2005-12-01 19:49]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Program Files\EVEREST Ultimate Edition 4.2\kerneld.wnt [2007-10-17 00:00]
S3 gdrv;gdrv;D:\Windows\gdrv.sys [2007-09-27 12:06]
S3 Steam Client Service;Steam Client Service;D:\Program Files\Common Files\Steam\SteamService.exe [2008-03-05 12:42]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e746f68-9c85-11dc-88d9-001a4d53072f}]
\shell\AutoRun\command - O:\autorun.exe autorun.hta
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e746f69-9c85-11dc-88d9-001a4d53072f}]
\shell\AutoRun\command - P:\AUTORUN.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff04144-6d3d-11dc-84e8-806e6f6e6963}]
\shell\AutoRun\command - 0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1bfd959-8f48-11dc-ad0e-001a4d53072f}]
\shell\AutoRun\command - H:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f77eb368-6d7b-11dc-9664-001a4d53072f}]
\shell\AutoRun\command - F:\AutoRunCD.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-09 22:16:16 D:\Windows\Tasks\User_Feed_Synchronization-{83044EA5-045D-4FA1-BA55-19EC1F53808F}.job"
- D:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 12:42:02
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-10 12:42:43
.
2008-03-07 22:32:20 --- E O F ---
---------------------------------------------------------------------------------------------
3.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:04, on 10.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
D:\Windows\system32\Dwm.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Windows\RtHDVCpl.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
D:\Windows\WindowsMobile\wmdc.exe
D:\Windows\System32\rundll32.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Windows\ehome\ehtray.exe
D:\Program Files\Wallpaper Changer\WallPaper.exe
D:\Windows\ehome\ehmsas.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Windows\system32\taskeng.exe
D:\Windows\System32\mobsync.exe
D:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\ICQ6\ICQ.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
D:\Windows\system32\conime.exe
D:\Windows\Explorer.exe
D:\Windows\system32\notepad.exe
D:\Windows\system32\NOTEPAD.EXE
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSConfig] "D:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WinSys2] D:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Program Files\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] D:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WallPaper] D:\PROGRA~1\WALLPA~1\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Creative Konsole Starter.lnk = D:\Program Files\Creative\Console Launcher\ConsoLCu.exe
O4 - Global Startup: DualCoreCenter.lnk = D:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - D:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - D:\PROGRA~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - D:\PROGRA~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - D:\PROGRA~1\DESKSC~1\DreamControl.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: DNS2Go Client (DNS2GoClient) - Deerfield.com - D:\Program Files\Deerfield.com\DNS2Go\DNS2GoClient.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Windows\system32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - D:\Program Files\Outpost Firewall\outpost.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - D:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 11943 bytes
-------------------------------------------------------------------------------------------------------------------------
4.
Volume in Laufwerk D: hat keine Bezeichnung.
Volumeseriennummer: C0A9-3ADB
Verzeichnis von D:\Windows\system32
10.03.2008 12:07 3.584 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
10.03.2008 12:07 3.584 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
08.03.2008 11:14 618.272 perfh009.dat
08.03.2008 11:14 107.416 perfc009.dat
08.03.2008 11:14 648.918 perfh007.dat
08.03.2008 11:14 120.576 perfc007.dat
08.03.2008 11:14 1.488.910 PerfStringBackup.INI
08.03.2008 11:05 34.338 OODBS.lor
08.03.2008 02:41 64.756 DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
08.03.2008 02:41 54.324 BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
08.03.2008 02:41 54.324 BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
06.03.2008 03:07 107.832 PnkBstrB.exe
05.03.2008 12:40 4.076 KGyGaAvL.sys
04.03.2008 04:55 8.016.384 ieframe.dll
04.03.2008 04:53 5.120.000 mshtml.dll
04.03.2008 04:53 385.024 html.iec
04.03.2008 04:53 1.547.264 inetcpl.cpl
04.03.2008 04:53 78.336 ieencode.dll
04.03.2008 04:53 208.384 WinFXDocObj.exe
04.03.2008 04:53 233.984 webcheck.dll
04.03.2008 04:52 1.188.352 urlmon.dll
04.03.2008 04:52 193.024 msrating.dll
04.03.2008 04:52 105.984 url.dll
04.03.2008 04:52 41.984 licmgr10.dll
04.03.2008 04:52 116.224 occache.dll
04.03.2008 04:52 142.848 IESetting.dll
04.03.2008 04:52 830.464 wininet.dll
04.03.2008 04:52 17.920 corpol.dll
04.03.2008 04:52 28.672 jsproxy.dll
04.03.2008 04:52 20.480 PDMSetup.exe
04.03.2008 04:52 13.824 SetIEInstalledDate.exe
04.03.2008 04:52 13.824 SetDepNx.exe
04.03.2008 04:52 26.624 ieUnatt.exe
04.03.2008 04:52 224.768 ieaksie.dll
04.03.2008 04:52 349.184 iedkcs32.dll
04.03.2008 04:51 119.808 ieakeng.dll
04.03.2008 04:51 70.656 ie4uinit.exe
04.03.2008 04:51 69.120 admparse.dll
04.03.2008 04:51 149.504 ieakui.dll
04.03.2008 04:51 69.120 iesetup.dll
04.03.2008 04:51 94.208 inseng.dll
04.03.2008 04:51 44.032 iernonce.dll
04.03.2008 04:51 126.464 advpack.dll
04.03.2008 04:51 557.056 jscript.dll
04.03.2008 04:51 66.560 wextract.exe
04.03.2008 04:51 168.448 iexpress.exe
04.03.2008 04:51 585.728 msfeeds.dll
04.03.2008 04:50 629.248 mstime.dll
04.03.2008 04:50 52.736 msfeedssync.exe
04.03.2008 04:50 52.224 msfeedsbs.dll
04.03.2008 04:50 60.928 icardie.dll
04.03.2008 04:50 184.320 iepeers.dll
04.03.2008 04:50 268.800 iertutil.dll
04.03.2008 04:50 345.600 dxtmsft.dll
04.03.2008 04:50 44.544 pngfilt.dll
04.03.2008 04:50 36.352 imgutil.dll
04.03.2008 04:50 212.992 dxtrans.dll
04.03.2008 04:50 68.608 mshtmled.dll
04.03.2008 04:50 48.128 mshtmler.dll
04.03.2008 04:50 1.555.456 mshtml.tlb
04.03.2008 04:50 45.568 mshta.exe
04.03.2008 04:50 66.560 tdc.ocx
04.03.2008 04:44 181.248 ieui.dll
04.03.2008 04:37 56.413 ieuinit.inf
04.03.2008 04:34 440.832 ieapfltr.dll
28.02.2008 09:52 377.336 FNTCACHE.DAT
23.02.2008 00:59 418.480 wrap_oal.dll
23.02.2008 00:59 115.432 OpenAL32.dll
13.02.2008 12:06 194.560 WebClnt.dll
13.02.2008 12:04 613.888 wpd_ci.dll
13.02.2008 12:04 224.824 clfs.sys
13.02.2008 12:04 19.456 cfgmgr32.dll
13.02.2008 12:04 101.888 drvinst.exe
13.02.2008 12:04 221.696 umpnpmgr.dll
13.02.2008 12:04 260.096 dpx.dll
13.02.2008 12:04 6.656 kbd106n.dll
13.02.2008 12:04 558.080 oleaut32.dll
13.02.2008 12:04 1.585.664 setupapi.dll
13.02.2008 12:04 7.168 f3ahvoas.dll
13.02.2008 12:04 12.800 batt.dll
13.02.2008 12:04 35.328 dispci.dll
13.02.2008 12:04 905.400 winresume.exe
13.02.2008 12:04 943.800 winload.exe
13.02.2008 12:04 23.552 nshhttp.dll
13.02.2008 12:04 39.424 lodctr.exe
13.02.2008 12:04 32.256 unlodctr.exe
13.02.2008 12:04 115.200 loadperf.dll
13.02.2008 12:04 17.408 prflbmsg.dll
13.02.2008 12:04 595.456 schedsvc.dll
13.02.2008 12:02 3.504.696 ntkrnlpa.exe
13.02.2008 12:02 3.470.392 ntoskrnl.exe
13.02.2008 12:01 24.064 netcfg.exe
13.02.2008 12:01 167.424 tcpipcfg.dll
13.02.2008 12:01 22.016 netiougc.exe
13.02.2008 12:01 4.247.552 GameUXLegacyGDFs.dll
13.02.2008 12:01 1.686.528 gameux.dll
13.02.2008 11:59 1.244.672 mcmde.dll
08.02.2008 02:48 3.670.112 ieapfltr.dat
06.02.2008 23:37 59 everest_cpl.ini
05.02.2008 00:09 18.214.008 mrt.exe
29.01.2008 13:37 1.518 unins000.dat
29.01.2008 13:37 673.546 unins000.exe
29.01.2008 11:40 14.848 BASSMOD.dll
26.01.2008 14:27 5 SySCut.dat
10.01.2008 18:13 11.776 sbunattend.exe
08.01.2008 21:00 799.424 tmpEBFA.tmp
08.01.2008 21:00 799.424 tmpEAA2.tmp
08.01.2008 02:16 630.784 divxdec.ax
04.01.2008 22:59 10.152 dsm_de.qm
04.01.2008 22:59 4.816 divxsm.tlb
04.01.2008 22:59 524.288 DivXsm.exe
04.01.2008 22:58 3.596.288 qt-dx331.dll
04.01.2008 22:58 200.704 ssldivx.dll
04.01.2008 22:58 1.044.480 libdivx.dll
04.01.2008 22:57 81.920 dpl100.dll
04.01.2008 22:57 416 dpl100.dll.manifest
04.01.2008 22:57 196.608 dtu100.dll
04.01.2008 22:57 416 dtu100.dll.manifest
04.01.2008 22:57 53.248 dpuGUI10.dll
04.01.2008 22:57 57.344 dpv11.dll
04.01.2008 22:57 294.912 dpu10.dll
04.01.2008 22:57 294.912 dpu11.dll
04.01.2008 22:57 593.920 dpuGUI11.dll
04.01.2008 22:57 344.064 dpus11.dll
04.01.2008 22:57 823.296 divx_xx07.dll
04.01.2008 22:57 682.496 DivX.dll
04.01.2008 22:57 802.816 divx_xx11.dll
04.01.2008 22:57 823.296 divx_xx0c.dll
04.01.2008 22:56 156.992 DivXCodecVersionChecker.exe
04.01.2008 22:56 12.288 DivXWMPExtType.dll
04.01.2008 22:56 3.136 dtu_de.qm
04.01.2008 22:56 8.523 dpude.qm
18.12.2007 05:51 4.102 lvcoinst.log
17.12.2007 22:40 669.184 pbsvc.exe
14.12.2007 22:47 2.048 tzres.dll
14.12.2007 19:25 1.327.104 quartz.dll
14.12.2007 19:25 9.728 LAPRXY.DLL
14.12.2007 19:25 2.048 asferror.dll
14.12.2007 19:25 223.232 WMASF.DLL
11.12.2007 17:06 413.696 nvcpl.cpl
11.12.2007 17:06 307.200 nvexpbar.dll
11.12.2007 17:06 1.073.152 nvcpluir.dll
11.12.2007 17:06 753.664 nvcplui.exe
Volume in Laufwerk D: hat keine Bezeichnung.
Volumeseriennummer: C0A9-3ADB
Verzeichnis von D:\Users\Andre\AppData\Local\Temp
10.03.2008 12:47 137.140 datfind.txt
10.03.2008 12:43 16.384 ~DFD4DA.tmp
10.03.2008 12:42 512 ~DF557C.tmp
10.03.2008 12:42 1.081.344 ~DF4CD1.tmp
10.03.2008 12:15 49.152 ~DF3036.tmp
10.03.2008 12:04 32.768 ~DFF51D.tmp
10.03.2008 12:04 16.384 ~DFEE5B.tmp
10.03.2008 11:38 16.384 ~DF24EE.tmp
10.03.2008 11:31 16.384 ~DFFCEF.tmp
10.03.2008 10:10 0 JETFAB7.tmp
28.09.2007 07:23 0 FXSAPIDebugLogFile.txt
11 Datei(en), 1.366.452 Bytes
0 Verzeichnis(se), 84.113.858.560 Bytes frei
.
.
.
Volume in Laufwerk D: hat keine Bezeichnung.
Volumeseriennummer: C0A9-3ADB
Verzeichnis von D:\Windows
10.03.2008 12:42 215 system.ini
10.03.2008 12:38 1.440.199 WindowsUpdate.log
08.03.2008 11:05 67.584 bootstat.dat
08.03.2008 02:40 12 bthservsdp.dat
06.03.2008 00:15 14.224 ie8_main.log
05.03.2008 18:02 51.802 PFRO.log
29.02.2008 11:43 215.144 patchw32.dll
29.02.2008 11:33 393.774 DirectX.log
29.02.2008 11:32 4.684 DIFx.log
28.02.2008 09:51 271.953.230 MEMORY.DMP
19.02.2008 12:03 531 KB893803v2.log
13.02.2008 12:19 3.550 setupact.log
14.12.2007 19:23 219 win.ini
05.12.2007 18:34 1.409 QTFont.for
05.12.2007 18:34 54.156 QTFont.qfn
Volume in Laufwerk D: hat keine Bezeichnung.
Volumeseriennummer: C0A9-3ADB
Verzeichnis von D:\Windows\Downloaded Program Files
04.01.2008 09:51 144 swdir.inf
18.12.2007 16:48 6.540 MSIWDev.inf
06.12.2007 14:36 23.600 tvichw32.sys
16.10.2007 19:16 2.287 MSC3.inf
09.10.2007 02:05 516 CTPID.inf
09.10.2007 02:05 37.624 CTPID.ocx
08.10.2007 20:21 367 LegitCheckControl.inf