
Pests of all kinds and how to combat them: Windows Defender reports Win32/Renos.JS

22.10.2009, 13:41   #1
FieserBert
 

Hello,
I currently use Avast and Windows Defender to protect myself from uninvited guests. (Vista 64-bit system)
After a download yesterday evening, I had Avast scan the file before running it, as usual. Everything was OK. After a while I got a message from Windows Defender:
TrojanDownloader:Win32/Renos.JS --Entfernen Sie diese Software unverzüglich.--
So I clicked Remove. Today I switch on the PC and get the same message. Avast is dozing away and I'm sweating with fear.
Can someone guide me on how to safely remove this trojan?

22.10.2009, 19:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

On 64-bit Windows, removing malware is difficult to impossible, because many of the standard tools we need here for cleanup are not compatible with 64-bit Windows.

For now I would only suggest that you post a log file from HijackThis and do a run with MalwareBytes. After that you can try OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

23.10.2009, 15:30   #3
FieserBert
 

I had already tried MWB before your answer. The tool seems to have found Renos.js and was also able to remove it. But you never know. So I followed your instructions:

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:19, on 23.10.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\buffed\BLASC.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Xfire\xfire.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\maik\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BLASC] "C:\Program Files (x86)\buffed\BLASC.exe" silent
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://stage.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{91673E07-F5B1-4E40-871E-DC7547B2B81D}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{91673E07-F5B1-4E40-871E-DC7547B2B81D}: NameServer = 192.168.178.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{91673E07-F5B1-4E40-871E-DC7547B2B81D}: NameServer = 192.168.178.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9536 bytes

23.10.2009, 15:33   #4
FieserBert
 

Here is the OTL log as well:
OTL Logfile:
OTL logfile created on: 23.10.2009 16:13:27 - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\maik\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,93% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): c:\pagefile.sys 6200 6200 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 240,08 Gb Free Space | 51,55% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 60,95 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAIK-PC
Current User Name: maik
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG)
PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Program Files (x86)\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Users\maik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
 
========== Win32 Services (SafeList) ==========
 
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (MagicTuneEngine [Auto | Running]) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006.11.02 15:34:14 | 00,000,000 | ---D | M]
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UxTuneUp [Auto | Running]) -- C:\Windows\SysWow64\uxtuneup.dll (TuneUp Software)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV:64bit: - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (nHancer [Auto | Running]) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV:64bit: - (O&O Defrag [Auto | Running]) -- C:\Windows\SysNative\oodag.exe ()
SRV:64bit: - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\Windows\SysNative\TuneUpDefragService.exe ()
SRV:64bit: - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\Windows\SysNative\TUProgSt.exe ()
SRV:64bit: - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (UxTuneUp [Auto | Running]) -- C:\Windows\SysNative\uxtuneup.dll ()
SRV:64bit: - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
========== Driver Services (SafeList) ==========
 
DRV - (Asapi [Auto | Stopped]) -- C:\Windows\SysWow64\drivers\asapi.sys (VOB Computersysteme GmbH)
DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys ()
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2008.09.03 06:46:31 | 00,000,000 | ---D | M]
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV:64bit: - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys ()
DRV:64bit: - (aswFsBlk [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys ()
DRV:64bit: - (aswMonFlt [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys ()
DRV:64bit: - (aswRdr [System | Running]) -- C:\Windows\SysNative\drivers\aswRdr.sys ()
DRV:64bit: - (aswSP [System | Running]) -- C:\Windows\SysNative\drivers\aswSP.sys ()
DRV:64bit: - (aswTdi [System | Running]) -- C:\Windows\SysNative\drivers\aswTdi.sys ()
DRV:64bit: - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (atksgt [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys ()
DRV:64bit: - (HdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (lirsgt [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
 
========== Modules (SafeList) ==========
 
MOD - C:\Program Files (x86)\Xfire\xfire_toucan_39729.dll (Xfire Inc.)
MOD - C:\Users\maik\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWow64\MSVCR71.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWow64\WSOCK32.dll (Microsoft Corporation)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "BLASC - Datenbank"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.0.3
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.03 00:16:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.10.04 14:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.10.20 12:42:29 | 00,000,000 | ---D | M]
 
[2008.09.02 22:27:32 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Extensions
[2008.09.02 22:27:32 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.23 16:07:27 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions
[2009.08.21 09:19:35 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.08.24 14:26:16 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.20 13:09:17 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.06.30 16:10:17 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\battlefieldheroespatcher@ea.com
[2009.05.06 15:25:50 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\chenyanxu8821@163.com
[2009.05.06 15:17:23 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\NPDyyno@dyyno.com
[2008.09.21 11:09:23 | 00,001,840 | ---- | M] () -- C:\Users\maik\AppData\Roaming\Mozilla\FireFox\Profiles\zdjjgmi6.default\searchplugins\blasc---datenbank.xml
[2009.10.23 16:07:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.11 23:48:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.04.15 11:15:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.10.20 12:42:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.04.15 11:15:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\search@searchsettings.com
[2009.09.11 23:48:37 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009.09.11 23:48:37 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009.04.15 22:24:54 | 01,044,480 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009.10.20 12:42:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009.04.15 22:24:36 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009.04.15 22:24:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008.06.27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009.09.11 23:48:37 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2003.07.14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2009.02.27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009.04.15 22:24:54 | 00,200,704 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009.08.18 19:00:05 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.18 19:00:05 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.18 19:00:05 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009.08.18 19:00:05 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.09.11 23:48:37 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.18 19:00:05 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.18 22:25:38 | 00,000,815 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (736 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Windows\SysNative\oodtray.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BLASC] C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG)
O4 - HKCU..\Run: [nHancer] C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme (x86)\Microsoft Office\OFFICE11\EXCEL.EXE File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
 
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://stage.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\Windows\*.tmp files]
[2009.10.21 23:31:26 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.10.07 01:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009.10.22 16:22:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.10.20 16:25:30 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009.10.21 23:31:44 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009.10.17 18:19:52 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\Dev-Cpp
[2009.10.22 16:22:58 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\Malwarebytes
[2009.10.20 12:49:30 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\OpenOffice.org
[2009.10.21 23:32:09 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\TuneUp Software
[2 C:\Users\maik\AppData\Local\*.tmp files]
[2009.10.07 01:16:52 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Local\Adobe
[2009.10.20 16:15:51 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Local\Apps
[2 C:\Users\maik\AppData\Local\*.tmp files]
[1 C:\Users\maik\Desktop\*.tmp files]
[2009.10.07 01:15:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2009.10.07 01:15:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009.10.20 13:09:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AskBarDis
[2009.10.20 22:46:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AusLogics Emergency Recovery
[2009.10.20 12:41:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009.10.20 12:43:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2009.10.20 13:32:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ontrack
[2009.10.20 12:43:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2009.10.21 23:31:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2009
[2009.10.10 12:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009.10.22 16:22:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.10.21 23:32:25 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2009.10.21 23:32:25 | 00,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2009.10.20 23:38:56 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009.10.20 16:59:50 | 00,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe
[2009.10.20 16:27:36 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\Restored Files
[2009.10.20 12:42:29 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009.10.20 12:42:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009.10.20 12:42:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009.10.20 12:42:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009.10.14 21:12:02 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009.10.14 21:12:01 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009.10.14 21:12:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009.10.14 21:12:00 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009.10.14 21:11:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009.10.14 21:10:59 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009.10.14 21:10:56 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009.10.14 21:10:53 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009.10.14 21:10:52 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009.10.14 21:10:52 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009.10.14 21:10:52 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009.10.14 21:10:51 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009.10.14 21:10:50 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009.10.14 21:10:50 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009.10.14 21:10:50 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009.10.14 21:10:50 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009.10.14 21:10:50 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009.10.14 21:10:49 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009.10.14 21:10:49 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009.10.14 21:10:49 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009.10.14 21:10:49 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.10.14 21:10:49 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009.10.14 21:10:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009.10.14 21:10:48 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009.10.14 21:10:48 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009.10.14 21:10:48 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009.10.14 21:09:30 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009.10.14 21:09:30 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009.10.14 21:09:29 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009.10.14 21:09:24 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009.10.07 01:15:50 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009.10.07 00:55:49 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\ERE
[2009.10.06 22:21:03 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\prg
[2009.10.03 14:32:21 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009.10.03 14:32:21 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009.10.03 14:32:21 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009.10.03 14:32:13 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009.10.03 14:32:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009.09.30 23:52:52 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\EG1
[2009.09.29 18:45:41 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\Mathe teil 1
 
========== Files - Modified Within 30 Days ==========
 
[1 C:\Windows\*.tmp files]
[2 C:\Users\maik\AppData\Local\*.tmp files]
[1 C:\Users\maik\Desktop\*.tmp files]
[2009.10.23 16:01:43 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F61977E-ED3D-470C-80F2-7C711A595570}.job
[2009.10.23 16:00:01 | 00,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.10.23 15:56:26 | 00,056,096 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.10.23 15:56:25 | 00,001,724 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2009.10.23 15:56:23 | 00,056,096 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.10.23 15:56:12 | 00,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.10.23 15:56:12 | 00,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.10.23 15:56:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.10.23 15:56:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.10.23 15:55:58 | 00,556,772 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2009.10.22 20:31:16 | 03,163,287 | -H-- | M] () -- C:\Users\maik\AppData\Local\IconCache.db
[2009.10.21 23:32:34 | 00,842,056 | ---- | M] () -- C:\Windows\SysNative\TUProgSt.exe
[2009.10.21 23:32:10 | 00,506,696 | ---- | M] () -- C:\Windows\SysNative\TuneUpDefragService.exe
[2009.10.21 23:32:03 | 00,001,753 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2009.10.21 23:32:02 | 00,001,669 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009.10.20 18:04:40 | 00,005,393 | ---- | M] () -- C:\Users\maik\Documents\USBRECOVERTEST.DPN
[2009.10.20 14:12:14 | 00,097,888 | ---- | M] () -- C:\Users\maik\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.10.20 14:10:58 | 00,390,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009.10.20 12:44:16 | 00,001,051 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009.10.20 12:42:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009.10.20 12:42:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009.10.20 12:42:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009.10.20 12:42:09 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009.10.20 11:13:51 | 01,418,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.10.20 11:13:51 | 00,615,998 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2009.10.20 11:13:51 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.10.20 11:13:51 | 00,122,304 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2009.10.20 11:13:51 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.10.20 11:10:49 | 00,000,413 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2009.10.15 01:58:08 | 00,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2009.10.15 01:58:06 | 00,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2009.10.08 11:54:06 | 00,022,016 | ---- | M] () -- C:\Users\maik\Documents\Tilla.doc
[2009.10.07 01:16:01 | 00,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.10.02 20:40:19 | 26,575,296 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009.10.01 14:54:35 | 00,024,576 | ---- | M] () -- C:\Users\maik\Documents\in einen harung.doc
[2009.10.01 10:29:14 | 00,238,960 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
 
========== Files - No Company Name ==========
[2009.10.22 16:22:53 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.10.21 23:33:08 | 00,000,534 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.10.21 23:32:34 | 00,842,056 | ---- | C] () -- C:\Windows\SysNative\TUProgSt.exe
[2009.10.21 23:32:25 | 00,035,144 | ---- | C] () -- C:\Windows\SysNative\uxtuneup.dll
[2009.10.21 23:32:25 | 00,020,808 | ---- | C] () -- C:\Windows\SysNative\authuitu.dll
[2009.10.21 23:32:10 | 00,506,696 | ---- | C] () -- C:\Windows\SysNative\TuneUpDefragService.exe
[2009.10.21 23:32:03 | 00,001,753 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2009.10.21 23:32:02 | 00,001,669 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009.10.20 18:14:29 | 00,338,944 | ---- | C] () -- C:\Users\maik\Documents\Examensarbeit Rinser Finale final draft kkkkkkk.doc
[2009.10.20 18:04:40 | 00,005,393 | ---- | C] () -- C:\Users\maik\Documents\USBRECOVERTEST.DPN
[2009.10.20 12:44:16 | 00,001,051 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009.10.20 11:10:50 | 00,006,772 | ---- | C] () -- C:\Windows\SysWow64\int13ext.vxd
[2009.10.20 11:10:49 | 00,000,413 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2009.10.15 01:58:08 | 00,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2009.10.15 01:58:06 | 00,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009.10.14 21:12:13 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009.10.14 21:12:02 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009.10.14 21:12:02 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009.10.14 21:12:00 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009.10.14 21:12:00 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009.10.14 21:12:00 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009.10.14 21:10:59 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009.10.14 21:10:55 | 09,236,992 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009.10.14 21:10:54 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009.10.14 21:10:52 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009.10.14 21:10:52 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009.10.14 21:10:51 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009.10.14 21:10:51 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009.10.14 21:10:51 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009.10.14 21:10:50 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009.10.14 21:10:50 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009.10.14 21:10:49 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009.10.14 21:10:49 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009.10.14 21:10:49 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009.10.14 21:10:49 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009.10.14 21:10:49 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009.10.14 21:10:49 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009.10.14 21:10:48 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009.10.14 21:10:48 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009.10.14 21:10:48 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009.10.14 21:10:48 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009.10.14 21:10:48 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009.10.14 21:09:31 | 01,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2009.10.14 21:09:31 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009.10.14 21:09:30 | 00,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2009.10.14 21:09:30 | 00,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2009.10.14 21:09:28 | 00,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2009.10.14 21:09:28 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2009.10.14 21:09:26 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009.10.14 21:09:24 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009.10.12 16:21:22 | 00,001,724 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2009.10.08 11:19:29 | 00,022,016 | ---- | C] () -- C:\Users\maik\Documents\Tilla.doc
[2009.10.07 01:16:01 | 00,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.10.03 14:32:44 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009.10.03 14:32:44 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009.10.03 14:32:43 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009.10.03 14:32:43 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009.10.03 14:32:21 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009.10.03 14:32:21 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009.10.03 14:32:21 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009.10.03 14:32:13 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009.10.03 14:32:13 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009.10.02 20:10:06 | 00,238,960 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2009.10.01 14:54:35 | 00,024,576 | ---- | C] () -- C:\Users\maik\Documents\in einen harung.doc
[2009.06.19 21:36:05 | 00,056,096 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.19 21:35:54 | 00,056,096 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.08 00:58:23 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.04.21 12:40:24 | 00,004,096 | -H-- | C] () -- C:\Users\maik\AppData\Local\keyfile3.drm
[2009.04.06 14:45:25 | 00,000,127 | ---- | C] () -- C:\Windows\Sam8_D.INI
[2009.03.06 17:59:25 | 00,076,800 | ---- | C] () -- C:\Windows\SysWow64\BD120.dll
[2009.02.18 21:53:54 | 00,194,150 | ---- | C] () -- C:\Users\maik\AppData\Local\dd_depcheckdotnetfx30.txt
[2009.02.18 21:53:45 | 00,178,554 | ---- | C] () -- C:\Users\maik\AppData\Local\dd_dotnetfx3install.txt
[2009.02.18 21:53:45 | 00,007,320 | ---- | C] () -- C:\Users\maik\AppData\Local\uxeventlog.txt
[2009.02.18 21:53:45 | 00,002,850 | ---- | C] () -- C:\Users\maik\AppData\Local\dd_dotnetfx3error.txt
[2009.02.13 19:32:39 | 00,000,284 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.12.28 14:28:11 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2008.12.28 14:27:51 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2008.12.28 14:25:51 | 00,001,188 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.10 00:35:00 | 03,163,287 | -H-- | C] () -- C:\Users\maik\AppData\Local\IconCache.db
[2008.10.29 22:49:32 | 00,000,069 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini
[2008.10.29 18:09:30 | 00,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008.10.28 17:40:48 | 00,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.10.09 20:44:19 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.10.07 17:40:30 | 00,000,680 | ---- | C] () -- C:\Users\maik\AppData\Local\d3d9caps.dat
[2008.10.07 17:40:26 | 00,000,552 | ---- | C] () -- C:\Users\maik\AppData\Local\d3d8caps.dat
[2008.10.07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.22 14:13:00 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.11 14:46:26 | 00,034,304 | ---- | C] () -- C:\Users\maik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.02 23:05:31 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.09.02 22:38:51 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.09.02 22:38:51 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.09.02 22:38:49 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.09.02 22:38:49 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.09.02 21:58:21 | 00,030,564 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.09.02 21:58:01 | 00,030,312 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.09.02 21:53:33 | 00,097,888 | ---- | C] () -- C:\Users\maik\AppData\Local\GDIPFONTCACHEV1.DAT
[2008.09.02 21:53:11 | 00,000,732 | ---- | C] () -- C:\Users\maik\AppData\Local\d3d9caps64.dat
[2008.06.05 08:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.01.21 04:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:48:56 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.12.28 09:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006.11.02 17:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 17:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006.11.02 14:34:27 | 00,000,305 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2004.08.06 20:00:42 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\WINREGP.DLL
[2004.02.06 13:05:22 | 00,014,848 | ---- | C] () -- C:\Windows\SysWow64\TERNT.DLL
[2004.02.06 13:00:04 | 00,015,872 | ---- | C] () -- C:\Windows\SysWow64\TER9X.DLL
[2003.12.14 02:03:42 | 01,107,472 | ---- | C] () -- C:\Windows\SysWow64\OWL52.DLL
< End of report >
         
--- --- ---

And here is the 2nd logfile from OTL:
OTL Logfile:
Code:
OTL Extras logfile created on: 23.10.2009 16:13:27 - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\maik\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,93% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): c:\pagefile.sys 6200 6200 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 240,08 Gb Free Space | 51,55% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 60,95 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAIK-PC
Current User Name: maik
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-25070272-2197854149-4258674722-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078CD6F7-DB92-4711-ABCF-7BAF2829B917}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{07CCDD65-B974-4612-A608-9B3D49711B18}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0814462B-845C-46BC-82FA-35CB6B1E05FD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{08D0A995-7B6E-4B73-A059-07BEF13A94C2}" = rport=2178 | protocol=6 | dir=out | app=system | 
"{0EFB5352-95DE-4597-9C1A-DEF5976DF347}" = lport=1012 | protocol=6 | dir=in | name=fritz | 
"{14C65693-A31C-4D60-AFAD-E9F0559CF522}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18C86CC9-F972-4547-9480-4699FFC5D14F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1AED900F-C3C6-4B58-A4DE-75FFCB2A37F9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{229268FC-AA11-46A7-AC02-3F2BF6827B84}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{253B77CC-DFCF-4AFB-8565-576EEFFD11F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{34DB335B-BEA5-46F1-BCF6-EDAEEB275269}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4922778F-8F51-4751-8F5F-89B9E5626279}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{4AE98533-BD28-46FC-8141-C2889B2B738C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5C817B20-3A25-4B7F-8E4C-39D6FF1121E0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{71C014C3-A56B-49BF-942E-F109F2C60CEF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{733CDE60-470F-4228-882E-3713B71088C8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7469D4A8-AAC1-4B0B-8DF6-F545A1E5D0D8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{76892E27-1041-4257-88F5-530750663E2D}" = lport=2178 | protocol=6 | dir=in | app=system | 
"{7B68FC56-3771-4137-A3C6-7BACD203F0A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E444B35-0D06-4AEC-810D-524CCB23C532}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{875114E9-D378-4177-8D3A-185209F69B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9715FAB6-3B03-4E94-A7D4-7B4995DD5AA6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9990E02A-DE60-4AF2-A80F-C3595B89D9DE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9B4FEA12-FE26-4E58-AA4E-03E3D9E3B3CC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9BFA9A3A-6A57-489D-A48B-8BF9C785F325}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9CA7E74F-CB2B-4356-A5A1-B4F00C5E7CA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A637D1FF-1D4A-49B0-95AE-870AC5E93A75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0EC0381-66D8-4717-BAA9-9B47CBEDA727}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | 
"{B494E13C-344F-4008-80A8-63DCFD13F33F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5FF77A1-F037-4B1D-8230-EF08954E7F39}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B6D03E97-7A4D-4FBC-8280-8817433EEF54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B873B2AF-413A-42D8-A6CA-66B96A78CBFB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DD2B5265-7E54-4465-9BAB-D75A75590107}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DE32F06C-A19E-477B-9CF5-3867FAE56380}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{E321F0C7-7A94-4B4C-865F-C9EFE02E00E1}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{F622DE33-587B-4350-B3CB-214325CE28B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0185CFDA-F46E-4560-B171-7293C7B3A0CF}" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\eve online\eve.exe | 
"{06D1A7FD-0D79-4F0F-BEC9-3CA171277626}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{08B2CE9E-C965-4673-A90E-54460BF1DDE2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0C751B90-1BBA-44E0-9C4B-E6FAF53B8FA2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{0E1AE9BE-1B73-449E-A133-2769D6F98B99}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{0E4E7D69-8EC0-4BA9-9A2B-668F0B6E4A49}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{1A417DD8-05AD-41BC-84A8-9A44E7EE9553}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{1ACFF89A-4AEF-4D38-BA36-ED509F0076EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{205A56E1-E726-4BF6-84BC-F30E702D0529}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{20E56B8E-3E6F-4BA0-90A6-08E7F7CB5BC5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22EB9090-1FA9-4D6C-B37D-8713F4F8FD30}" = protocol=6 | dir=out | app=system | 
"{29AF9B3D-A88F-43E1-9B4F-7385C52283C4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{2CD8BB2B-DA7D-4EC8-BB98-25A7C9ECBB29}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2FB0BFFF-B8FC-4E2E-B81A-C45ECBD0F0CF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{311410AA-8C2F-4867-B77A-B7FDED4F933A}" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\fear2spdemo\fear2spdemo.exe | 
"{360E122D-8C67-4C2B-BCE3-4258BE714D73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{39CB4015-A6E1-4A90-8096-0EEF38C40D82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3ACD82E2-8C6F-4BB7-AC08-D2C795A35972}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{42EE4AFB-1F4E-4A4B-BE07-8CAC61018E64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{43F41165-B5E5-4368-A9B8-C32E4C9F9EC1}" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\eve online\eve.exe | 
"{46752746-9BE9-41F4-83B5-1231436457F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{4730333E-7C77-46BB-A211-484778227588}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | 
"{4AA671F8-8ECC-4659-BE05-7F613AA78528}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{4C5530F3-F379-4F42-B631-3D458ACB3E4C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{50991F6B-75D9-4229-9052-FA605A4F4702}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{530C5E6D-4276-43AE-B481-8A21A6A3135D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{55E1C1C7-91E5-4A75-9B47-3AD00B91E5B3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{56BF813F-980A-40AD-97F2-545171B09411}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5A4E3EE1-B940-4F26-843B-4186E192BA42}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | 
"{647EB738-A050-49E1-9A92-08C7423E1FF5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{6BBC8367-7E57-4023-9AF8-8788659551E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6C276685-A5F2-48CF-8B19-8D1DF81DED0F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6C8FCC66-5D46-476E-8ABF-E48D37F1D57E}" = protocol=17 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe | 
"{6CCB9F58-7E06-4D20-839F-9563883DEB64}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 
"{72788361-1DAE-4215-91E2-DEFB418F004D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{761609BF-DEA9-4168-ABA4-7C6C038735CE}" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\fear2spdemo\fear2spdemo.exe | 
"{795478F9-CA13-48DE-9D8D-08DA14EE5115}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 
"{7A62E962-DBC5-4603-B7EA-1E33BFE37757}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7ECD15F4-7C39-4ECE-B67E-B325B25FA857}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{7F70E0D3-8FC0-4051-AAC6-811ECE3CA95E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8024A299-B578-4B0C-83A1-AD950BFEF320}" = protocol=6 | dir=in | app=c:\users\maik\appdata\local\temp\jdstart.exe | 
"{81821A85-8C9C-4E34-8A63-DDA9BCC2FB4A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{83D0EE51-3575-4335-AE37-B4351A0DDE78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86ADDA8B-315C-449A-BB70-A4E4EA5348CC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{899A35F5-9ADD-4412-9741-023F25815306}" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{8C495399-F421-4AA6-8A41-9BDC221B0F3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E66AC56-B468-4633-AD59-7EAF1C7D7286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{916B9924-F61E-47BF-B8D5-A439DA722E0D}" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{91BA914C-31FF-437E-9B7E-D2CEC2C0130A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{93F73137-22A4-40B5-8A2B-6C55746852F1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{97124022-0244-43FE-9F43-5B870BD94840}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 
"{9903EEED-E76A-4841-93A8-BC144EEA3D85}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{9AF33039-8242-4098-8BA9-09477F0434DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{A03672B1-388D-4B1D-A353-53B7457B0B68}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A23719EE-7B9F-4438-9010-B93C81E7C54F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{A3FB04E3-CBB3-48E7-BB04-2C1FB808F458}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A7C2646E-4682-4348-A09B-90FBAB9C2EC9}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 
"{AE338470-72F5-45D4-81DE-F79E3106ACAD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{AE51E383-601F-4972-A822-5C50EA89BBDE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{AE65A23D-E358-4B63-BC1A-567FDE86D54B}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{B0DF3840-8E2C-4E0B-93D4-1E20A69A2C1D}" = protocol=17 | dir=in | app=c:\users\maik\appdata\local\temp\jdstart.exe | 
"{B14CB527-FA3C-411D-B278-0D7AA82856C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B46A68AC-4C08-44D9-8896-A70CEE7008EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B51E2C08-1AB1-4440-9226-0161E1B04534}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{B7FBFD67-A1D4-4A0E-AF1E-B2E167AB2136}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe | 
"{BE75C4D5-E932-4FF5-8539-49BA17479DBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C48E739B-BF6A-4E91-A1FE-7ABDF8A65878}" = protocol=6 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe | 
"{D338553A-677E-463B-BF36-C35A0E637D6C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{D66FAC8C-6392-4D84-AE44-F3006951CF7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF0B59D1-3DAE-4D53-962B-7ABD572740D8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E2F06239-A6AE-4F77-A3FC-BED7FFF19EB6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E945B8D6-4A9A-40B2-9242-FC16536B3085}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe | 
"{F713968C-6C89-4242-A00C-9FAA6AD891CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9449F18-0755-4BB3-BC3A-1768E7D5C532}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FBE70713-DC9A-4455-8271-D61E4CB34A88}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"TCP Query User{02B3C261-374D-43B3-BAFD-2B27BBDA6C48}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{0872F309-2457-4CC5-A337-E46F70E11315}C:\users\maik\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe | 
"TCP Query User{14327AB3-6086-4288-B046-D3DC72A1FC2C}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{1B49253B-9304-4C49-A5CD-A8D98BD78A57}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe | 
"TCP Query User{28D06DED-F4B8-41B1-A093-6B800EF8D756}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{292C7F60-F99F-43DE-8680-3F3654C7F28B}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"TCP Query User{2A538960-637F-4B3E-A092-785886AF20F9}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{33ED58E8-65A4-4574-85C3-F39DD2D82E85}D:\icq6\icq.exe" = protocol=6 | dir=in | app=d:\icq6\icq.exe | 
"TCP Query User{3D51AA46-1D95-4707-A8B0-AB19D655AD3D}D:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe | 
"TCP Query User{4C0B0800-517B-4BE0-AED5-2FB386BB74D5}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{5954817D-E331-43A3-9B89-CC39AC15530D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{5E46C8B0-7B87-486E-AF7C-4A134B5B8EF8}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"TCP Query User{6B39F82D-C71E-41EC-999F-B7971576D5BD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{773B831E-5FD3-45D3-A7FC-855D8959C90B}D:\grid\grid.exe" = protocol=6 | dir=in | app=d:\grid\grid.exe | 
"TCP Query User{792C218C-2160-42D2-BB57-5E5072FF6557}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{7BFCA40C-AA02-4D83-974D-69FC2CE6A1EE}D:\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe | 
"TCP Query User{81F91D9D-2DBD-457D-8D09-322BC1B0D5AF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{8986DDFE-6A3E-4ECE-9EF9-E45BA2F14AFA}D:\spiele neu\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\spiele neu\dead space\dead space.exe | 
"TCP Query User{90A14B87-4333-4DEE-B479-4E520DFB4135}C:\program files (x86)\blobby volley\volley.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe | 
"TCP Query User{9D4CFCBB-24D0-4176-9661-68E420C84865}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{A92CCA58-385E-4635-8FF8-1E0B74E1285B}D:\valve\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\eve online\bin\exefile.exe | 
"TCP Query User{AB2B1290-FFA3-465E-81B1-3B8B28B2D60F}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe | 
"TCP Query User{C82A0238-52FA-4C66-B5FE-006589AACC29}C:\program files (x86)\blobby volley\volley.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe | 
"TCP Query User{CC66DC74-0DB7-4838-AC21-784F68BED17B}D:\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe | 
"TCP Query User{CEAC968E-3893-40C9-981B-0BA065E92E98}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{CEBED8D6-B85E-4DB5-B032-2B6D77DA6810}D:\spiele neu\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\spiele neu\dead space\dead space.exe | 
"TCP Query User{F99A5F78-624B-4316-94AB-F8F6FC643645}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"UDP Query User{00C763DB-CE6C-4C05-8B22-098B56562E0A}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{1193D5F1-3483-417A-A0B2-094336A81017}D:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe | 
"UDP Query User{11EEEA90-7D8A-43AF-A394-D4E98B59A5F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{14392510-C94D-4F97-8B68-8ACABBADB151}D:\icq6\icq.exe" = protocol=17 | dir=in | app=d:\icq6\icq.exe | 
"UDP Query User{21C8BB40-042B-405F-AD56-C148EE7B8007}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"UDP Query User{5252226A-3DA1-4C64-8610-8A7B11E07467}D:\spiele neu\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\spiele neu\dead space\dead space.exe | 
"UDP Query User{5EE8E653-5450-473C-95D5-82A095492B01}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe | 
"UDP Query User{86BB66F7-E54A-4A8D-BB1E-9B89FD2D7A60}D:\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe | 
"UDP Query User{8AD6CAD4-95C9-4935-B92F-31DE055AAAAD}C:\users\maik\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe | 
"UDP Query User{8CCA2965-D3EA-4722-85E3-1B39856CB84B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{A3545D1D-BBFE-45A8-9454-C496AA208F0A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{A500325F-2CEE-4139-8880-7D41D67DE79C}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe | 
"UDP Query User{A8BFA494-E951-46D8-AAA8-914AAE6BED43}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{AFFFBFB6-C74C-497F-A552-19E5EE99CD9D}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"UDP Query User{B410A1A2-6390-4904-A2F7-111B901C88AF}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B44EB0A8-7213-4DFB-A392-049C83CC063B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{B7969137-2437-44C6-975E-9C3E1FAB1595}C:\program files (x86)\blobby volley\volley.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe | 
"UDP Query User{BC578A8D-3C03-481F-AFD9-754ABDA6AC27}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{C22E0AD2-AD66-4A99-AC0F-F9717FD8E86A}D:\grid\grid.exe" = protocol=17 | dir=in | app=d:\grid\grid.exe | 
"UDP Query User{C84C474E-2E2A-4BD6-B1EC-DD7EA17C9201}D:\valve\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\eve online\bin\exefile.exe | 
"UDP Query User{CE0457D5-884A-4A53-A1BF-C87A857F98F1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{CE52B838-21DD-4B4B-BD94-855B7FCDB9A4}D:\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe | 
"UDP Query User{D13ECD8B-2CCF-4DF2-B627-F46854B34C57}C:\program files (x86)\blobby volley\volley.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe | 
"UDP Query User{D642F73C-8D9C-4DAF-B7C6-AAA068E0CF3D}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{D7CEBA75-67B9-478B-B594-28C051E11FB7}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{F971603F-4E2C-432B-B179-D01E6C923EFC}D:\spiele neu\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\spiele neu\dead space\dead space.exe | 
"UDP Query User{FD00121D-9242-4916-A7C7-3D244E421BC6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{087BEB30-5324-4615-A097-51DB44EC5B71}" = O&O Defrag Professional Edition
"{23F383FC-242A-45B8-969E-7FD85FBB764D}" = nHancer
"{43602F34-1AA3-44FB-AEB2-D08C2C737440}" = Paint.NET v3.36
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{de2f2d9c-53e2-40ee-8209-74da63cb060f}" = Python 3.0.1 (64-bit)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01008201-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Enzyklopädie 2002
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3AC3721C-D4A2-42D0-9A25-4E190B4931EF}" = Hercules Crystal based Sound cards
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{4D4C7CA5-3912-40A3-94BF-9B8089188A7A}" = FRITZBox Anrufmonitor
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C128CF4-AD6B-42C6-A6E0-DF62406C1D44}" = DOC Regenerator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{685C7EBA-82F4-44F8-9514-911A69850DA3}" = Express Gate
"{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}" = Quake Live Mozilla Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{ECF78678-38CD-4C92-8353-195E92A4BD7C}_is1" = AusLogics Emergency Recovery
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"Addictive Drums Demo" = Addictive Drums Demo
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"BBE Sonic Maximizer Plugin" = BBE Sonic Maximizer Plugin
"BioDrummer v1.2" = BioDrummer v1.2
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner (remove only)
"Cubasis VST 5" = Cubasis VST 5
"CurseClient" = Curse Client
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Disk Investigator" = Disk Investigator 1.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DyynoPlayer" = DyynoPlayer 0.8.6f
"EVEMon" = EVEMon
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Groove Monkee Sample Pack" = Groove Monkee Sample Pack
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GuitarScalesMethod_is1" = GSM 1.1.4.2
"HijackThis" = HijackThis 2.0.2
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magix Samplitude Professional v8.0" = Magix Samplitude Professional v8.0
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master Unit" = Master Unit
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Muon Tau MDrive" = Muon Tau MDrive
"Native Instruments - Rig Kontrol 3 Driver" = Native Instruments - Rig Kontrol 3 Driver
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Shockwave" = Shockwave
"Steam App 500" = Left 4 Dead
"Steam App 8500" = EVE Online
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 0.9.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Documents Recover-Center" = Documents Recover-Center 1.0
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 08.05.2009 16:32:23 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005. 
 
Error - 20.07.2009 13:21:11 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005. 
 
Error - 21.07.2009 19:57:34 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\325898297\Owner.mdb failed, 00000005. 
 
Error - 30.08.2009 18:50:26 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005. 
 
Error - 02.09.2009 18:15:03 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005. 
 
Error - 16.09.2009 19:50:52 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005. 
 
Error - 13.10.2009 18:49:59 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Local\Adobe\Updater6\Install\reader9rdr-de_DE\AdbeRdr920_de_DE.msi
failed, 00000005. 
 
Error - 22.10.2009 13:12:34 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Public\Documents\buffed\Configs\Config.db failed, 00000005. 
 
Error - 22.10.2009 13:12:36 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005. 
 
Error - 22.10.2009 14:31:17 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Public\Documents\buffed\Configs\Config.db failed, 00000005. 
 
[ Application Events ]
Error - 20.10.2009 16:27:49 | Computer Name = maik-PC | Source = Application Hang | ID = 1002
Description = Programm undelete_plus.exe, Version 3.0.0.602 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: e04 Anfangszeit: 01ca51c394c000fe Zeitpunkt
der Beendigung: 15
 
Error - 20.10.2009 18:09:09 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.10.2009 16:45:55 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.10.2009 17:04:15 | Computer Name = maik-PC | Source = VSS | ID = 8194
Description = 
 
Error - 22.10.2009 07:27:21 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.10.2009 07:31:09 | Computer Name = maik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung escal.exe, Version 0.0.0.0, Zeitstempel 0x4ad232d5,
fehlerhaftes Modul escal.exe, Version 0.0.0.0, Zeitstempel 0x4ad232d5, Ausnahmecode
0xc0000005, Fehleroffset 0x000010cc, Prozess-ID 0xdec, Anwendungsstartzeit 01ca530b26be6b0e.
 
Error - 22.10.2009 07:31:15 | Computer Name = maik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung h2635s.exe, Version 0.0.0.0, Zeitstempel 0x724d3eef,
fehlerhaftes Modul h2635s.exe, Version 0.0.0.0, Zeitstempel 0x724d3eef, Ausnahmecode
0xc0000005, Fehleroffset 0x0000828d, Prozess-ID 0x9cc, Anwendungsstartzeit 01ca530b2a512ebe.
 
Error - 22.10.2009 07:41:56 | Computer Name = maik-PC | Source = VSS | ID = 8194
Description = 
 
Error - 22.10.2009 13:15:22 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.10.2009 09:57:43 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 30.04.2009 02:57:26 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 30.04.2009 09:04:23 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 30.04.2009 09:31:40 | Computer Name = maik-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -85400 Sekunden
geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal -54000
Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123)
funktionsfähig ist.
 
Error - 01.05.2009 09:16:07 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 03.05.2009 03:35:43 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 04.05.2009 03:55:51 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.05.2009 04:28:19 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.05.2009 05:19:03 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.05.2009 06:20:18 | Computer Name = maik-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.05.2009 06:21:25 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description = 
 
[ TuneUp Events ]
Error - 22.10.2009 10:22:58 | Computer Name = maik-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 16:22:58', '\device\harddiskvolume1\malwarebytes'
anti-malware\mbam.exe','4672',0)
 
Error - 22.10.2009 10:23:33 | Computer Name = maik-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 16:23:33', '\device\harddiskvolume1\malwarebytes'
anti-malware\mbam.exe','4484',0)
 
Error - 22.10.2009 10:23:48 | Computer Name = maik-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 16:23:48', '\device\harddiskvolume1\malwarebytes'
anti-malware\mbam.exe','5084',0)
 
 
< End of report >
         
--- --- ---

Alt 23.10.2009, 16:52   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do you still have the log file from MalwareBytes? If so, please post it!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 24.10.2009, 10:40   #6
FieserBert
 



This should be the one in the MWB folder:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3011
Windows 6.0.6001 Service Pack 1

22.10.2009 19:10:11
mbam-log-2009-10-22 (19-09-58).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 513439
Laufzeit: 1 hour(s), 2 minute(s), 19 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Aufnahmeprogramme\Samplitude_V8_professional\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\msb.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\Users\maik\AppData\Local\Temp\b.exe (Trojan.Downloader) -> No action taken.
C:\Users\maik\AppData\Local\Temp\msxml71.dll (Trojan.FakeAlert) -> No action taken.
