
Log analysis and evaluation: After a virus infection (disguised as a virus scanner), is my PC clean again?

27.06.2010, 17:27   #1
powersearche
 



Hello everyone,

this is my first post in this forum.
Last week I caught a virus that disguised itself as a virus scanner, right before leaving for my vacation.
Luckily a friend had installed Codestuff Starter and procexp on my computer. With these we were able to stop the virus from starting at reboot, and we disabled the following autostart entries:
ixux.exe, Dwx.exe and tahqgumtssd.exe

Yesterday and today I then read up on the net. I ran Antivir and Microsoft Essentials over it. After that also Ad-Aware and Spybot Search and Destroy, and likewise cleaned the registry several times with CCleaner. Finally I made several log files with HiJack, checked them and cleaned up.
As it looks, my system is now clean, at least going by the last HiJack log file.
But since this is the first time I have done something like this, I am not sure. Did I perhaps overlook something, or am I really out of the woods?
Many thanks in advance for the help, Powersearcher (unfortunately the r got lost when registering here ;-)
Attached is the current log file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:41, on 27.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NeroGadgetCMServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Users\M.S.\Desktop\procexp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\M. S.\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} (AstroAvengerLoader Control) - hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\Windows\SCARDS32.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13237 bytes

27.06.2010, 17:30   #2
Larusso
/// Selecta Jahrusso
 





A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
MSConfig
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


Please post in your next reply
OTL.txt
Extras.txt

27.06.2010, 19:10   #3
powersearche
 



Hello Larusso,
many thanks for the quick reply.
I am planning / was planning to back up my data and get a new hard disk in the next few weeks.
Unfortunately the virus got in my way a bit too early, and I do not know whether I backed up the culprit along with my last backup on the external hard disk.
Attached are the requested log files; I hope I did everything right.
If not, just complain

Regards, powersearcher

I had to post the two files separately because they are too large
OTL log file:
Code:
OTL logfile created on: 27.06.2010 19:24:25 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 28,68 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2010.06.19 12:49:24 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.02.21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.14 04:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.02.19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.04.03 20:37:36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008.02.19 09:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008.01.31 18:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.22 13:21:44 | 000,259,368 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NeroGadgetCMServer.exe
PRC - [2007.05.12 21:46:38 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe
PRC - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2006.12.01 14:37:50 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) -- C:\Windows\SCARDS32.EXE
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.02.19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto | Running] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.12.07 22:32:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009.12.02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.09.30 16:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.07.19 11:28:31 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.19 11:28:31 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.27 16:37:01 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.12.18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008.12.16 16:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.10.31 09:11:02 | 000,027,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VL807.sys -- (VL807)
DRV - [2008.10.31 09:11:02 | 000,018,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GWHid.sys -- (GWHid)
DRV - [2008.10.23 19:50:01 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008.09.17 09:55:00 | 007,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.02.20 21:42:36 | 000,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008.02.20 21:42:36 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008.01.19 07:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008.01.19 07:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008.01.19 07:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.10.03 20:55:38 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.17 09:45:51 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2007.05.17 09:45:50 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2007.05.17 09:45:49 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2007.05.17 09:45:49 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2007.05.11 17:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.04.11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.04.03 11:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.01.08 19:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.12.01 14:38:58 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.08.28 15:48:46 | 000,004,352 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TF0801.sys -- (TF0801)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.09.19 03:07:00 | 000,035,275 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TwkUsb2K.sys -- (CHIPDRIVE USB SmartCardReader)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.08.25 15:06:00 | 000,185,611 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKSER2K.sys -- (TWKSER2K)
DRV - [2003.04.30 02:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003.04.30 02:14:00 | 000,005,550 | ---- | M] (Towitoko AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKPNP.SYS -- (TWKPNP)
DRV - [2003.04.30 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TWKMS.SYS -- (TwkMs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: pagehacker-nico@nc:1.2
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.18 22:48:23 | 000,000,000 | ---D | M]
 
[2010.05.08 16:32:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2010.05.08 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions
[2010.05.08 16:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.08 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.08 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\pagehacker-nico@nc
[2010.05.08 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\smarterwiki@wikiatic.com
[2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\FireFox\Profiles\a6mz7ae3.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab (AstroAvengerLoader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0698e888-1677-11dc-813b-0019db5a3837}\Shell - "" = AutoRun
O33 - MountPoints2\{0698e888-1677-11dc-813b-0019db5a3837}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pcwstart.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.03.19 22:16:58 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk - C:\PROGRA~1\ADOBEM~1\ADOBEM~1.EXE - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.27 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 08:18:12 | 000,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2010.06.27 08:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.27 08:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010.06.27 08:12:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.06.26 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.06.19 12:50:00 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.19 10:48:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:32 | 097,364,760 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010.05.20 17:33:02 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Brother
[2010.05.14 19:45:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Meine empfangenen Dateien
[2010.05.14 19:06:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\Tracing
[2010.05.14 19:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010.05.14 19:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010.05.14 18:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.05.14 18:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.05.14 18:21:32 | 000,000,000 | ---D | C] -- C:\Users\MarkAppData\Roaming\ICQ
[2010.05.14 18:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.05.08 21:00:56 | 003,879,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mark\Desktop\procexp.exe
[2010.05.08 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Mozilla
[2010.05.08 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\zerstörer
[2010.04.28 13:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.28 13:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.19 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.04.19 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.27 19:26:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
[2010.06.27 19:25:24 | 004,718,592 | -HS- | M] () -- C:\Users\Mark\ntuser.dat
[2010.06.27 19:24:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.27 19:24:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 19:17:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 17:40:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 17:40:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 10:23:53 | 000,012,466 | ---- | M] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 09:45:37 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.27 09:45:37 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.27 09:45:37 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.27 09:45:36 | 001,472,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.27 09:45:36 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.27 09:41:17 | 000,000,328 | ---- | M] () -- C:\Windows\scardsrv.ini
[2010.06.27 09:41:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.06.27 09:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 09:40:23 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.27 09:38:36 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 09:38:36 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TM.blf
[2010.06.27 09:38:33 | 006,291,456 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2010.06.27 08:23:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | M] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.27 06:15:33 | 000,126,464 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 19:37:56 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 12:49:54 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:50 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:25:08 | 000,031,858 | ---- | M] () -- C:\Users\Mark\Documents\cc_20100619_112435.reg
[2010.06.19 10:48:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:37 | 097,364,760 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,001,828 | ---- | M] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:34 | 000,680,340 | ---- | M] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | M] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | M] () -- C:\Users\Mar\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | M] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.10 21:23:15 | 000,419,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 20:58:49 | 000,021,478 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.06.02 20:43:27 | 000,036,864 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Apr. 10.xls
[2010.05.20 22:10:56 | 039,109,498 | ---- | M] () -- C:\Users\Mark\Documents\Jahresprogramm_webPDF.pdf
[2010.05.20 17:05:02 | 000,002,591 | ---- | M] () -- C:\Users\Mark\Desktop\Microsoft Office Word 2007.lnk
[2010.05.18 21:41:06 | 000,967,680 | ---- | M] () -- C:\Users\Mark\Desktop\.doc
[2010.05.14 18:19:53 | 000,000,033 | ---- | M] () -- C:\Users\Mark\Desktop\cmd.php
[2010.05.08 21:00:49 | 001,728,943 | ---- | M] () -- C:\Users\Mark\Desktop\ProcessExplorer.zip
[2010.05.08 20:56:30 | 000,000,953 | ---- | M] () -- C:\Users\Mark\Desktop\Internet Explorer.lnk
[2010.05.08 13:46:40 | 214,923,128 | ---- | M] () -- C:\Users\Mark\Desktop\clip0028.avi
[2010.05.08 13:44:04 | 010,238,098 | ---- | M] () -- C:\Users\Mark\Desktop\clip0027.avi
[2010.05.08 13:43:30 | 350,131,300 | ---- | M] () -- C:\Users\Mark\Desktop\clip0026.avi
[2010.05.08 13:35:28 | 274,192,286 | ---- | M] () -- C:\Users\Mark\Documents\clip0026.avi
[2010.05.08 13:31:10 | 129,251,592 | ---- | M] () -- C:\Users\Mark\Documents\clip0025.avi
[2010.05.05 14:48:12 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2010.04.28 13:29:13 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.26 07:49:17 | 194,934,412 | ---- | M] () -- C:\Users\Mark\Documents\clip0024.avi
[2010.04.25 17:59:47 | 062,061,190 | ---- | M] () -- C:\Users\Mark\Documents\clip0023.avi
[2010.04.25 17:58:48 | 158,577,058 | ---- | M] () -- C:\Users\Mark\Documents\clip0022.avi
[2010.04.25 10:02:03 | 000,000,094 | ---- | M] () -- C:\Users\Mark\Documents\PDVD_MediaDisc.PlayList
[2010.04.25 08:14:44 | 417,536,496 | ---- | M] () -- C:\Users\Mark\Documents\clip0021.avi
[2010.04.25 08:10:26 | 007,971,076 | ---- | M] () -- C:\Users\Mark\Documents\clip0020.avi
[2010.04.25 08:07:35 | 001,464,918 | ---- | M] () -- C:\Users\Mark\Documents\clip0019.avi
[2010.04.24 21:19:15 | 016,297,776 | ---- | M] () -- C:\Users\Mark\Documents\clip0018.avi
[2010.04.24 21:18:35 | 037,861,808 | ---- | M] () -- C:\Users\Mark\Documents\clip0017.avi
[2010.04.24 21:17:50 | 120,898,346 | ---- | M] () -- C:\Users\Mark\Documents\clip0016.avi
[2010.04.24 21:16:39 | 002,547,616 | ---- | M] () -- C:\Users\Mark\Documents\clip0015.avi
[2010.04.24 21:16:37 | 001,362,646 | ---- | M] () -- C:\Users\Mark\Documents\clip0014.avi
[2010.04.24 21:16:36 | 000,533,100 | ---- | M] () -- C:\Users\Mark\Documents\clip0013.avi
[2010.04.24 21:16:36 | 000,509,656 | ---- | M] () -- C:\Users\Mark\Documents\clip0012.avi
[2010.04.24 21:16:30 | 138,336,402 | ---- | M] () -- C:\Users\Mark\Documents\clip0011.avi
[2010.04.24 21:14:54 | 014,959,376 | ---- | M] () -- C:\Users\Mark\Documents\clip0010.avi
[2010.04.24 13:49:14 | 039,281,058 | ---- | M] () -- C:\Users\Mark\Documents\clip0009.avi
[2010.04.24 13:01:18 | 418,863,908 | ---- | M] () -- C:\Users\Mark\Documents\clip0008.avi
[2010.04.18 23:13:15 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.18 00:27:13 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{52714324-ee21-11dd-a5af-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.18 00:27:13 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{52714324-ee21-11dd-a5af-00038a000015}.TM.blf
[2010.04.15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Mark\Desktop\procexp.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.27 10:23:53 | 000,012,466 | ---- | C] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 08:23:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | C] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.26 19:37:56 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 17:56:29 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:45:50 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:24:40 | 000,031,858 | ---- | C] () -- C:\Users\Mark\Documents\cc_20100619_112435.reg
[2010.06.19 10:24:08 | 000,001,828 | ---- | C] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:32 | 000,680,340 | ---- | C] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | C] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | C] () -- C:\Users\Mark\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | C] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.02 20:43:56 | 000,021,478 | ---- | C] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.05.24 10:18:58 | 000,036,864 | ---- | C] () -- C:\Users\Mark\Documents\Trainingsplan Apr. 10.xls
[2010.05.20 22:10:50 | 039,109,498 | ---- | C] () -- C:\Users\Mark\Documents\Jahresprogramm_webPDF.pdf
[2010.05.18 21:33:27 | 000,967,680 | ---- | C] () -- C:\Users\Mark\Desktop\.doc
[2010.05.14 18:19:49 | 000,000,033 | ---- | C] () -- C:\Users\Mark\Desktop\cmd.php
[2010.05.08 21:00:34 | 001,728,943 | ---- | C] () -- C:\Users\Mark\Desktop\ProcessExplorer.zip
[2010.05.08 20:56:30 | 000,000,953 | ---- | C] () -- C:\Users\Mark\Desktop\Internet Explorer.lnk
[2010.05.08 13:44:43 | 214,923,128 | ---- | C] () -- C:\Users\Mark\Desktop\clip0028.avi
[2010.05.08 13:43:58 | 010,238,098 | ---- | C] () -- C:\Users\Mark\Desktop\clip0027.avi
[2010.05.08 13:40:49 | 350,131,300 | ---- | C] () -- C:\Users\Mark\Desktop\clip0026.avi
[2010.05.08 13:31:55 | 274,192,286 | ---- | C] () -- C:\Users\Mark\Documents\clip0026.avi
[2010.05.08 13:30:17 | 129,251,592 | ---- | C] () -- C:\Users\Mark\Documents\clip0025.avi
[2010.04.28 13:29:13 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.26 07:47:57 | 194,934,412 | ---- | C] () -- C:\Users\Mark\Documents\clip0024.avi
[2010.04.25 17:59:24 | 062,061,190 | ---- | C] () -- C:\Users\Mark\Documents\clip0023.avi
[2010.04.25 17:57:48 | 158,577,058 | ---- | C] () -- C:\Users\Mark\Documents\clip0022.avi
[2010.04.25 08:12:17 | 417,536,496 | ---- | C] () -- C:\Users\Mark\Documents\clip0021.avi
[2010.04.25 08:10:23 | 007,971,076 | ---- | C] () -- C:\Users\Mark\Documents\clip0020.avi
[2010.04.25 08:07:34 | 001,464,918 | ---- | C] () -- C:\Users\Mark\Documents\clip0019.avi
[2010.04.24 21:19:09 | 016,297,776 | ---- | C] () -- C:\Users\Mark\Documents\clip0018.avi
[2010.04.24 21:18:20 | 037,861,808 | ---- | C] () -- C:\Users\Mark\Documents\clip0017.avi
[2010.04.24 21:17:08 | 120,898,346 | ---- | C] () -- C:\Users\Mark\Documents\clip0016.avi
[2010.04.24 21:16:37 | 002,547,616 | ---- | C] () -- C:\Users\Mark\Documents\clip0015.avi
[2010.04.24 21:16:36 | 001,362,646 | ---- | C] () -- C:\Users\Mark\Documents\clip0014.avi
[2010.04.24 21:16:36 | 000,533,100 | ---- | C] () -- C:\Users\Mark\Documents\clip0013.avi
[2010.04.24 21:16:35 | 000,509,656 | ---- | C] () -- C:\Users\Mark\Documents\clip0012.avi
[2010.04.24 21:14:56 | 138,336,402 | ---- | C] () -- C:\Users\Mark\Documents\clip0011.avi
[2010.04.24 21:14:49 | 014,959,376 | ---- | C] () -- C:\Users\Mark\Documents\clip0010.avi
[2010.04.24 13:48:42 | 039,281,058 | ---- | C] () -- C:\Users\Mark\Documents\clip0009.avi
[2010.04.24 12:58:57 | 418,863,908 | ---- | C] () -- C:\Users\Mark\Documents\clip0008.avi
[2010.04.18 18:18:43 | 000,524,288 | -HS- | C] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.18 18:18:43 | 000,524,288 | -HS- | C] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.18 18:18:42 | 000,065,536 | -HS- | C] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TM.blf
[2010.04.12 21:32:33 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2010.04.09 22:12:19 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.09 22:12:15 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.27 11:03:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.27 11:03:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.27 10:55:24 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.01.30 11:12:55 | 000,004,352 | ---- | C] () -- C:\Windows\System32\drivers\TF0801.sys
[2009.12.07 18:26:12 | 000,000,020 | ---- | C] () -- C:\Windows\TTN.INI
[2009.08.18 20:47:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.07 15:46:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.07.07 15:46:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.08 08:22:19 | 000,027,184 | ---- | C] () -- C:\Windows\System32\drivers\VL807.sys
[2009.02.08 08:21:53 | 000,064,048 | ---- | C] () -- C:\Windows\System32\Hidhlp.dll
[2009.02.08 08:21:53 | 000,055,856 | ---- | C] () -- C:\Windows\System32\iFT7195.dll
[2009.02.05 19:06:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.12.12 08:43:43 | 000,000,160 | ---- | C] () -- C:\Windows\asrapi.ini
[2008.12.12 08:43:03 | 000,081,920 | ---- | C] () -- C:\Windows\asr3232.dll
[2008.10.15 19:30:20 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.10.15 19:30:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.10 20:50:02 | 000,000,065 | ---- | C] () -- C:\Windows\WININIT.INI
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008.05.07 21:04:51 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.05.07 21:04:51 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007.10.03 20:55:38 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.05.26 15:51:54 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.05.26 15:51:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.05.14 20:58:55 | 000,000,015 | ---- | C] () -- C:\Windows\PUST2.ini
[2007.05.08 18:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\TCLOG.INI
[2007.05.07 18:16:07 | 000,000,328 | ---- | C] () -- C:\Windows\scardsrv.ini
[2007.05.06 20:46:01 | 000,000,610 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2007.02.26 18:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 18:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 17:17:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 16:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 15:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.20 08:34:10 | 000,000,114 | ---- | C] () -- C:\Windows\Buhl.ini
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.11.27 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Any Video Converter
[2009.11.27 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Any Video Converter Professional
[2009.01.17 15:04:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bayer04 Publisher
[2008.05.18 10:13:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Buhl Data Service
[2009.08.06 18:59:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Buhl Data Service GmbH
[2007.05.07 19:06:24 | 000,000,000 | ---D | M] -- C:\Users\Marku\AppData\Roaming\DataDesign
[2008.03.14 21:20:31 | 000,000,000 | ---D | M] -- C:\Users\Marku\AppData\Roaming\dp3d
[2007.10.02 23:01:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Engelmann Media
[2009.11.27 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FreeVideoConverter
[2010.05.18 18:53:36 | 000,000,000 | ---D | M] -- C:\Users\Marku\AppData\Roaming\ICQ
[2008.12.13 23:27:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Imperium Romanum
[2010.02.01 15:47:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LetsTrade
[2009.06.21 12:54:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MAGIX
[2010.02.23 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\MarkAppData\Roaming\ManyCam
[2009.05.11 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MuldeR
[2007.11.26 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\My Games
[2009.10.19 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nokia
[2009.01.03 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org
[2008.11.30 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PC Suite
[2007.05.25 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PeerNetworking
[2009.02.05 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ProtectDisc
[2009.10.07 19:55:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Robots
[2008.03.21 14:31:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Teleca
[2007.05.06 22:16:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Template
[2010.05.26 22:46:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Teup
[2009.11.24 19:24:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TVcentral-Core
[2010.03.23 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ubisoft
[2007.05.12 09:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ulead Systems
[2010.05.28 19:26:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Uxfov
[2010.06.27 09:38:55 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.27 19:26:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.06.27 09:40:21 | 000,002,012 | ---- | M] () -- C:\aaw7boot.log
[2008.10.11 15:08:19 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007.02.09 14:38:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.06.27 09:40:23 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2007.02.10 17:20:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.02.15 23:52:30 | 000,000,905 | -H-- | M] () -- C:\IPH.PH
[2007.02.10 17:20:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.27 09:40:21 | 2459,705,344 | -HS- | M] () -- C:\pagefile.sys
[2006.11.29 23:29:40 | 000,000,512 | ---- | M] () -- C:\TVE.iss
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.08.14 04:16:22 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 10:48:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.04.19 20:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >
         

27.06.2010, 19:11   #4
powersearche

Here is the second one

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.06.2010 19:24:25 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 28,68 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK-PC
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm Fotowelt.exe] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CBC1B0-79AC-4AD3-A546-A2E33C6B7609}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{0D198F02-52ED-4ECC-B7C6-BF51E2D0424F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{1B5690D5-33F9-4D79-B127-8F5E871701B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{1E87AEBB-E3B0-46C5-8B0F-F17B67BA8ED1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1FFEE479-4F84-4CFC-82EF-578E116FFAF9}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{22A575F3-07B6-484E-B219-96D22F0DE313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{26A5DF50-0C4A-43D7-9E34-0328CE3F9526}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{2C536B09-3AAE-4EFD-8D03-ED11C149B7CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{355CA782-D708-4BB8-A02F-FFB99A507F15}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{38838B88-7BF8-4376-B5BE-567D8BA2802E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D488C39-EF67-4851-898F-49F5169E2D2F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{3D78703F-8268-4A05-B37A-D939BD562B02}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4E0FEF2E-EDB2-42FE-B8D6-A7E80756C5D6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{4F4A14F3-47C9-47F8-86A2-14681C73B9C6}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{4F65B46D-5880-49FB-A262-37A18E261E5E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{5BD1BDDD-834F-41C4-81F1-CBC7A01A4B77}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5DDECE78-67C0-4E0E-BB9B-7FA20CDE1E10}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{60F91A31-DEB3-48DA-8B5E-2BF65C50DB60}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{740A023A-2160-4ABC-A2C6-4D8B48290AC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78D5BCB7-79C7-4F93-BDE1-B49C3DFCF4F0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{7F78B9DD-8FD0-4C51-806D-59793DD5F658}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{88AE2DB5-9522-47A8-BBFB-D7DDF7D4F4C0}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{897C0FE8-6576-4B20-98D8-00D8AB4BEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{930ED437-D85D-4034-9966-D47DAAE73AB5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{99D12D0E-03B3-4737-B324-7D252F4B5722}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{B3DF2580-F75C-46C5-9F0E-4EF59A5395B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{B67A5FD6-2DE2-4ADA-ABC8-911AFB9797F2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CADABE61-8DA2-46A7-A7E0-2D9AC1D71351}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{E79255F1-9522-43DC-A80A-00F7204257EC}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EAA8B625-7FFB-48CE-BCC3-142F0BBCAF25}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C56ADE-2E8D-4D07-BA0C-09FD401E032E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{08C77F3C-B232-4A59-9377-6BC3F42CE7A0}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0B41292A-BFC4-4DBA-91A9-8E6098293177}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{1190C1CA-7AED-4D29-85D4-AADC1F0D1C81}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe | 
"{1317EA3D-E0A5-4F02-A477-A351853008AA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{14E00577-7BD1-49EB-AFD3-D287F765BC5F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{17E02DF2-83C2-4E1C-B6DF-E490B5137D73}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{1D9C9E28-CF47-4C85-B483-8C83D7DE1992}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{28A74334-DE56-4DEE-89C4-BC633EF1E47D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{2B7994E2-76D4-4A7D-A115-C1271337C6E3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2EBCDF1C-D9ED-47B4-86AC-2E642ABDD10D}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{33EBF189-2B7A-4302-9A32-2F669B7CD033}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{368BC80A-7010-4BE8-BB43-0064CFE9C16A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{3824DAAB-3471-42E7-ABA0-48968FAB9996}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{42FF3394-75B6-4A8A-AA67-4A1800F4EFB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{4664A922-B9BA-4960-9546-654DD0D51B57}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{47F784DE-8962-48F2-871D-04825AAF38CC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{4A88DA37-B671-4F32-A70F-E0FA452E69A9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{4B711CE7-1494-4505-A991-65F984B0A007}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4BFA13AC-40F1-41B1-963C-81A479DE31B9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{516F2D29-1E65-4A77-9DFF-CA76A98F16E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{586F126F-7F84-44ED-8A8E-BBB99E887229}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{59C73435-0CAB-4740-A966-53BC16221577}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59F990E5-81DD-498A-A391-18780015D87D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{691B8BE3-9BC3-4330-B313-5DC578250DED}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{69B4337B-16AF-45D3-BACC-226821A02D68}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{6C2ADBE1-81DD-4DE6-BB68-AC359D18D6A4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{6E6F63A9-9C6F-48CC-9814-EA6E7C485721}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{75F58A64-047F-408B-A3D1-93BD279C184C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{78C8811E-F6DF-4F57-ACF5-9C2050CD17AF}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{79980D05-554A-45E2-A03E-FD2261CA090F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{8BEFE9AA-39AF-4AD1-B99F-7664B47413D2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{91FE0556-A73E-49A7-A5EE-A04B18A0DDC8}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B2E95EE-00CA-428E-90F0-F59D7803FE93}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{A9B6FEDC-05B8-414F-AA31-9084CC001A99}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AC775A12-FF52-4C0C-A83A-639755D94218}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B28D1979-7475-490D-8175-573C4CAF935A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{B513CCCE-2EC1-449C-B8C3-287651017C7A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B7B6D999-7F54-4FA3-B866-1CAD27B76F9E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{B870B9B8-AE5C-4F76-AD1D-3192AA8BA994}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B98FF62E-ED00-468F-8F88-ED3B5EC5C95A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BB2FBDFB-DCC2-489C-AAA7-A9FE418D4D02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC61D0DA-A3A8-4C60-BF16-CEE64E4C111D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{BF12935C-E1BA-4B49-B9E3-AA13EF2979EB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C9DC6B03-22A0-45AD-8EB3-F0E2B70E8B1A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{CA044B58-2BB9-4BC4-B272-256C7432D426}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CADAFD28-5210-425E-8542-DBA9E768A7E1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CE63222C-6E80-45DF-BEE9-FB270889A597}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{CF6B80F9-0737-423A-B854-9BBCCC2C3E79}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{DAA853F0-DA7C-4017-A27A-D4AAF1527068}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{DD889D98-2E7C-4E1F-810E-9F5A1912A770}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E55A7624-6129-4BCC-B3D6-F3453272E62E}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E584CCC2-2EA6-445C-805D-1ECA275C3364}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{EFED6540-E96C-4F1F-AC19-3A4B45E795B9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{F5DFBBCD-B201-4E91-A961-D6DC4AF2AE73}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{FC248F42-B34E-48D6-831F-4AC7E76E9A59}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"TCP Query User{00976E33-A593-4F88-A7CB-F4FD148CC3A9}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{02049D0A-0594-4493-BFD1-00CA59F1C8A4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{162C956A-1D30-4758-BCC6-A585CDE2AA01}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"TCP Query User{1C03DC42-2A82-49D5-A51A-3A4A72A4C835}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{1D24D467-0755-4027-9028-FDC27627B470}C:\program files\capcom\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"TCP Query User{20CE3137-20CD-4043-AA1F-FFC83F9FF1D8}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=6 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"TCP Query User{23423AF3-15F9-4E6A-BCE2-1ED4AF0CD535}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{2A491597-1C4B-413F-8744-02FC0920F4FE}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{2A63B7BE-9F78-4BFA-969A-6100BB266F4D}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{34149E9A-D625-48BF-8C95-2F711A9656FE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{3537AEC0-4946-4BE8-A9C6-7C0B06BE1064}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{36F525F1-D0BC-4080-9E07-BC9F5440170B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{3895D241-4CF6-4C1C-92A7-2921139C152E}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"TCP Query User{44B1DF90-5A7B-4392-8CBF-58A0B6863E6E}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{48600E56-F316-4DEB-BC5B-EDB402004D11}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{4977C400-8FC6-48A4-9EDA-2DC65D4317D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{592F564B-90CE-4F63-B95E-F7DAE2D7A223}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{65E4F729-5176-48FD-96B8-E90C3F818A5B}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{67D522E9-7974-46AC-815F-008139D64BEF}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"TCP Query User{68A137A9-697E-4C6F-A781-793A92741305}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"TCP Query User{6CE86AD9-BD4C-463F-AEA4-36FC47BEE32E}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{788949C4-CA4A-43B1-8D44-0BC4D6737A95}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"TCP Query User{78ACA6CA-6B7C-43C9-8B4A-B03DFF789F71}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"TCP Query User{83F2A201-1D48-4BFC-96A5-7CCC48C1CFF0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8414516E-F39F-4631-A36B-8359A76A6AF6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{850B2120-1CD4-47C6-AD0E-135470562BE1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{980A777C-55AC-439C-8AEA-611A71CDEBD0}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{AC1F2A58-42A9-4512-8DA6-CEDBA12AE0DB}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{AE971C37-F7ED-4A5A-8D59-2DE6E453E33D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mar\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{AF6E5B82-8158-4880-B5C4-EB06A2DBE9DD}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{B0A692B1-0536-4AC4-A0C3-4D9E9CAE0349}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{BA13BF34-64C0-4A78-AFDA-E32B79AE8A11}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{BEC285BB-AD85-4141-A60D-67A7D5B7F96D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{C0654B3D-FCDC-4ACB-8451-8B167D383266}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{C5096789-47D1-4E4F-B803-8142F2D41204}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C71FC0D2-E6AA-4A5F-9586-090817893E43}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{CAAFFB15-3F5D-4678-ABD4-E6EA4316E2DF}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D175B165-9EB1-48D5-A34B-2E69C6577586}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D4CE7C15-D573-419B-A646-2023EFAC2875}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"TCP Query User{DF5CC906-C15E-42F3-9659-CEC8B734970C}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{E6DD3623-E393-4C92-80E4-248DCC276DC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F0EA31BE-CAF9-4B38-8E87-D45420980B36}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{07BF4AF4-32EA-47E2-A86E-345BE34E6C35}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{0A2E0C1F-0138-4620-8E3A-4E3375B5E258}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"UDP Query User{0B4E9260-D9E2-4162-A034-83875A2AAAB8}C:\program files\capcom\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"UDP Query User{1235F594-3240-4732-8436-248411B1FFCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1997202B-BBBD-448A-947F-EB9457522124}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{2B02A798-D566-4C58-B820-6921894516DA}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{2B34300F-5461-44D3-898F-9391BD7E8A4D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{2DFDF9AF-6CF6-4EE8-A0A1-10BE9FBA1DF7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{2FD8F7D0-2062-43F9-A6B8-1E1CF58DA86B}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{3341E114-D986-43C3-9EDF-1E9D308AFF00}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=17 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"UDP Query User{4200CA67-1133-4355-9713-15AEB70E7FCA}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{44B47E32-025E-4971-90A6-9C30EF66A438}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{46572F1D-3810-4534-93AB-35F262609643}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{527F03A4-6F10-4BB3-AEC8-802C775EE08F}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{6041F239-4F55-43F9-9507-E078BC0C29A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{73C1F558-1EA1-42B9-B618-2070946B997D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{893CFED1-9D7B-415C-92C7-5206824F915B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{8B0400FB-41F0-4A86-9584-E73DF5AF4F0F}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{8E385BE0-B6F3-41FA-8430-12A1EF41B1EC}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"UDP Query User{92576D25-1570-4BC1-8391-44FA86F3CE69}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{96DEA020-41DC-4B80-A9D0-58F4CA059C06}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{9B9EF7C3-84E5-4960-B136-1EAFCE5B3BA2}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{A66A4BB8-7085-470A-BE30-78565133E067}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{ADEC7F44-3BF3-4CD7-9CFD-A2D7275A2859}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{AECAA2E5-73DC-4209-BBF8-C5882D8F25ED}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"UDP Query User{B02A394E-A1B8-45FC-99C5-604EBF81B6F0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B2F2A3E7-39D9-4E98-B33A-3A42BE3ADF25}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{B676DFB3-32F0-4142-8D04-0C4C9A5541C0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B965DF5D-E7C7-4E56-AF1B-C8CEAE7DFD77}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"UDP Query User{BBA1F888-DAE9-4EDB-881C-2F87744B7BF6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{BC4CC1CE-38DC-470C-8FF9-0CCC4AB6D246}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{BF9285D1-64D4-4B71-8C5A-A93B9DC09636}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{C6CC2BF8-D328-4E03-9AB7-2934F444DBA7}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{C77E5F34-406E-4D90-9B52-5DF5ECE7BA99}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{CC1612F6-4431-4B69-998F-50865710B0DD}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"UDP Query User{CD43C8C5-4C64-4612-8FBB-A560331DB0BE}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{D63A4373-A5D3-46C3-9E63-BF6AC4780140}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"UDP Query User{DCB2A323-CA24-4C01-8294-21A09056C6B7}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{E0B5C60E-DC56-482C-AE6E-E0262DCE15A1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E9DA1AED-E1F7-4968-B499-514331E5FE90}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"UDP Query User{FAD8FFC0-B8BB-46C3-91A4-683DA2BB69B1}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{FD20C98B-0EF6-4555-8F68-B87E050629D3}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A0BD20-71D1-F60D-32DF-7A828187693B}" = ccc-utility
"{0332234E-09D1-4B74-A5F3-73E34BA29F5B}" = Nokia Software Updater
"{037D0596-043A-6CF0-7161-C1240590E3D4}" = CCC Help Norwegian
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08633C60-680F-F32C-8C91-377EA7AE3CAD}" = Catalyst Control Center Graphics Full Existing
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F19E412-CA39-1DC9-409E-D20130E97CB5}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232579E4-B963-B742-9AEF-2A156C7F1012}" = HydraVision
"{24E42D00-A7B3-43B3-1831-E1D38BBE1C04}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C38C251-DE7B-40DC-9D26-C54044348DE5}" = BBI USB WIRELESS CONTROLLER
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{30909DAD-50D9-5C8F-E4EA-B6CD33219F8A}" = CCC Help Dutch
"{30BFA63D-EABB-1850-5E6F-39270E401FE9}" = CCC Help Portuguese
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34DE4F36-3814-5CAD-9A61-DEFA6C908F9A}" = CCC Help English
"{3647638A-36CF-08B0-71A2-C9C382A396BA}" = CCC Help Hungarian
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{37D9C685-0F4B-2D8E-59E3-3CE151CE0051}" = ATI Catalyst Install Manager
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41DA146B-1218-35C7-F9F7-1329BDA0FCEC}" = Catalyst Control Center Graphics Light
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{48C564CC-6269-1FAB-25FC-E77EC663A8EE}" = Catalyst Control Center Graphics Previews Common
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4E3D3792-2AC8-5C3A-B47A-DC54901E685A}" = CCC Help Greek
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BBA917A-ABA8-6D66-25CA-60C4479EB5B9}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F44A7EE-2D4F-3501-8959-96E5707B702D}" = Catalyst Control Center Graphics Full New
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B43A22-9B36-11D7-9D9C-00105ABD2C6C}" = Ginger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C57DD90-6744-B038-04E7-5928217ACD29}" = CCC Help Chinese Standard
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E3F38F-E9CA-493C-A007-D8F351E9DAA7}" = Terminator 3 - War of the Machines
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76A52914-64CC-476B-BD58-2312D1A9AE10}" = WISO Mein Geld 2009 Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799821FD-51D2-8A54-04A0-E03C4BFDAB70}" = CCC Help Russian
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D66D425-0732-0503-681F-EF513C9EB035}" = CCC Help Czech
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D1201F-2B53-45A5-B940-B7DE21B995FC}" = Duden Rechtschreibtrainer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DB3724-0BE3-A3FD-8401-53EA871F9381}" = CCC Help Finnish
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9909B060-77BE-C0EB-498E-200439A609CF}" = Catalyst Control Center HydraVision Full
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BCC64BE-25AD-5872-1FB8-168586E5D1CF}" = CCC Help Spanish
"{9CFAA618-E4CA-C55E-402D-D305AFBC7F36}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6960F96-6CE5-DA95-5346-1BEF9A7E48C7}" = ATI Problem Report Wizard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E3BB58-08F3-69A7-6DE1-46169A9E34C5}" = CCC Help Thai
"{AA898D01-D4E3-43C6-8E25-70CA660B9F16}" = CHIPDRIVE extern/intern/micro treiber 3.1
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BA4993-89C9-938E-95B8-8DD533DBC2BD}" = CCC Help Chinese Traditional
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66BDC95-CE25-9E1F-71CA-D9C9A30FED99}" = Catalyst Control Center Graphics Previews Vista
"{B6B7482F-E56A-DB37-97BE-A85B000E9506}" = CCC Help Japanese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7E86EDB-77E7-E3A0-F0A3-73755A0DFF3B}" = ccc-core-static
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{B9B1B950-777B-26A1-226E-411B2AF23B26}" = CCC Help Korean
"{BBBDA721-8885-42CE-A16C-8BEE27D37EB3}" = AAVUpdateManager
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32C002C-ACD4-4AE6-F897-7B441E2402F0}" = CCC Help German
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E382FD08-7B09-EB40-9FDD-5C12898B3691}" = Catalyst Control Center Localization All
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB81FF05-AF5E-D3ED-E3DE-CA25489E95A0}" = Catalyst Control Center Core Implementation
"{EC89F553-763E-3851-97DF-3FBB47682E5A}" = CCC Help Swedish
"{ECD777F4-3C75-9227-0E71-8C321D99179E}" = CCC Help Danish
"{ECDA7753-B9EE-A492-DE40-96AFC181568C}" = ATI AVIVO Codecs
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F04090DB-1428-A054-768E-EFF969308578}" = Skins
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84377EE-38BE-EB21-B034-10742A180A26}" = CCC Help Italian
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"3D TippTrainer_is1" = 3D TippTrainer
"4StoryDE_is1" = 4Story 1.5
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued 3.4.0.466 (D)
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" = 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"bayer04_is1" = Bayer04 Publisher 2.1.1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"CodeStuff Starter" = CodeStuff Starter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.3.1
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Fotoservice" = Fotoservice
"FT7195" = USB FLYING STICK
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"Imperium Romanum" = Imperium Romanum 1.03
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"LetsTrade" = LetsTrade Komponenten
"Lidl-Fotos_is1" = Lidl-Fotos
"Lollipop Mathe 3" = Lollipop Mathe 3
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 2008 D" = MAGIX Video deluxe 2008 7.5.3.1 (D)
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = eBay.de - Skype 3.0
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.41
"Ultimate Motorcross" = Ultimate Motorcross 1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"tc09-DE_SEVENONE_MAIN" = Big Pizza Mountainbike Challenge 09 (SevenOne)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2008 16:37:21 | Computer Name = Mark-PC | Source = VSS | ID = 8194
Description = 
 
Error - 27.11.2008 16:38:34 | Computer Name = Mark-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 29.11.2008 07:46:08 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18000, Zeitstempel
 0x47918f11, fehlerhaftes Modul SwMenu.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x48998217, Ausnahmecode 0xc0000005, Fehleroffset 0x6c102d0d,  Prozess-ID 0x13b8,
 Anwendungsstartzeit 01c9521573238dfd.
 
Error - 30.11.2008 07:01:51 | Computer Name = Mark-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 30.11.2008 07:10:25 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0x113c, Anwendungsstartzeit
 01c952da7381ccb4.
 
Error - 30.11.2008 07:42:37 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0xd70, Anwendungsstartzeit
 01c952dd30583946.
 
Error - 04.12.2008 11:27:07 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, fehlerhaftes Modul Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, Ausnahmecode 0xc0000005, Fehleroffset 0x0010520e,  Prozess-ID 0x1780,
 Anwendungsstartzeit 01c9562354f0118d.
 
Error - 05.12.2008 13:29:57 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm Settlers6Demo.exe, Version 1.0.3006.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15fc  Anfangszeit: 01c95624c95e62d5  Zeitpunkt
 der Beendigung: 106
 
Error - 08.12.2008 17:17:01 | Computer Name = Mark-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.12.2008 02:45:05 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm _INS5576._MP, Version 5.53.168.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 15c0  Anfangszeit: 01c95c24c1d91464  Zeitpunkt der
 Beendigung: 0
 
[ Media Center Events ]
Error - 20.05.2007 14:10:39 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/20/2007 20:10:39
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 13.06.2007 04:02:35 | Computer Name = Mark-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005
 
Error - 05.08.2007 12:40:29 | Computer Name = Mark-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:08
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:09
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.04.2008 06:49:00 | Computer Name = Mark-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 20.10.2009 15:07:13 | Computer Name = Mark-PC | Source = ehRecvr | ID = 3
Description = 
 
[ System Events ]
Error - 26.06.2010 08:09:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.06.2010 08:09:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2010 08:09:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.06.2010 08:54:10 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 27.06.2010 02:16:59 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.06.2010 02:19:20 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.06.2010 03:38:12 | Computer Name = Mark-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.06.2010 03:41:23 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.06.2010 03:41:23 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2010 03:41:26 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

27.06.2010, 19:20   #5
Larusso
/// Selecta Jahrusso

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. You can usually do this by right-clicking the system tray icon. Otherwise the programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are prompted to.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the malware scan.

When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

27.06.2010, 20:24   #6
powersearche

Hello Daniel,

I had the log file as soon as I was back at the computer.
Regards
Mark
ComboFix log file:
Code:
ComboFix 10-06-27.02 - Mark 27.06.2010  20:51:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1095 [GMT 2:00]
ausgeführt von:: c:\users\Mark\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DFRE2F9.tmp

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-27 bis 2010-06-27  ))))))))))))))))))))))))))))))
.

2010-06-27 19:02 . 2010-06-27 19:03	--------	d-----w-	c:\users\Mark\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Nik-PC\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Nik\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Claudia\AppData\Local\temp
2010-06-27 06:22 . 2010-06-27 06:22	--------	d-----w-	c:\program files\iPod
2010-06-27 06:16 . 2010-06-27 06:16	--------	d-----w-	c:\program files\Bonjour
2010-06-27 06:14 . 2010-06-27 06:14	72504	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-27 06:13 . 2010-06-27 06:13	--------	d-----w-	c:\program files\Safari
2010-06-27 06:11 . 2010-06-27 06:11	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-27 04:14 . 2010-06-27 06:05	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-06-27 04:14 . 2010-06-27 04:15	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-06-26 17:37 . 2010-06-26 17:38	--------	d-----w-	c:\program files\Microsoft Security Essentials
2010-06-26 12:04 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-26 12:04 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-26 12:04 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-26 12:04 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-26 12:04 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-26 11:49 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-26 11:49 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 15:56 . 2010-06-19 10:49	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-06-19 10:50 . 2010-06-19 10:49	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-06-19 10:45 . 2010-06-19 10:45	--------	dc-h--w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-19 10:45 . 2010-02-04 15:53	2954656	-c--a-w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-19 08:48 . 2010-06-19 08:48	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-06-19 08:24 . 2010-06-19 08:24	--------	d-----w-	c:\program files\CodeStuff
2010-06-15 10:21 . 2010-06-15 10:21	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 18:54 . 2006-11-02 15:33	638510	----a-w-	c:\windows\system32\perfh007.dat
2010-06-27 18:54 . 2006-11-02 15:33	130462	----a-w-	c:\windows\system32\perfc007.dat
2010-06-27 17:17 . 2010-06-27 17:17	0	----a-w-	c:\windows\SCARDSRV.TMP
2010-06-27 07:58 . 2007-08-24 17:41	--------	d-----w-	c:\users\Mark\AppData\Roaming\Apple Computer
2010-06-27 06:23 . 2009-12-23 14:01	--------	d-----w-	c:\program files\iTunes
2010-06-27 06:22 . 2009-04-25 11:29	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-26 13:06 . 2007-02-10 14:03	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-19 10:45 . 2008-04-24 19:07	--------	d-----w-	c:\program files\Lavasoft
2010-06-19 10:45 . 2008-04-24 19:07	--------	d-----w-	c:\programdata\Lavasoft
2010-06-19 08:44 . 2008-02-20 19:52	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-06-14 13:25 . 2007-05-06 18:31	--------	d-----w-	c:\users\Mark\AppData\Roaming\Skype
2010-06-14 06:09 . 2009-10-27 14:34	--------	d-----w-	c:\users\Mark\AppData\Roaming\skypePM
2010-06-10 19:20 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-10 17:26 . 2007-02-10 14:01	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-05 06:39 . 2010-01-13 17:34	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-06-03 08:59 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Microsoft Games
2010-06-01 18:36 . 2009-11-27 20:48	--------	d-----w-	c:\programdata\Norton
2010-06-01 18:36 . 2009-11-27 20:48	--------	d-----w-	c:\programdata\Symantec
2010-06-01 18:35 . 2009-11-27 20:50	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-05-28 17:26 . 2008-02-09 01:21	--------	d-----w-	c:\users\Mark\AppData\Roaming\Uxfov
2010-05-26 20:46 . 2009-10-30 00:46	--------	d-----w-	c:\users\Mark\AppData\Roaming\Teup
2010-05-26 19:57 . 2010-01-13 17:33	--------	d-----w-	c:\program files\Microsoft
2010-05-26 17:06 . 2010-06-10 10:15	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 10:15	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 17:46	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-20 15:33 . 2010-05-20 15:33	--------	d-----r-	c:\users\Mark\AppData\Roaming\Brother
2010-05-18 16:53 . 2010-05-14 16:21	--------	d-----w-	c:\users\Mark\AppData\Roaming\ICQ
2010-05-18 16:26 . 2010-05-14 16:21	--------	d-----w-	c:\program files\ICQ7.1
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-05-14 17:05 . 2010-05-14 17:05	--------	d-----w-	c:\program files\Windows Live
2010-05-14 17:05 . 2010-05-14 17:05	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-05-14 16:21 . 2010-05-14 16:21	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-05-14 16:21 . 2010-05-14 16:21	--------	d-----w-	c:\programdata\ICQ
2010-05-14 16:21 . 2007-02-09 13:24	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-13 19:20 . 2008-11-30 15:45	--------	d-----w-	c:\programdata\PC Suite
2010-05-06 16:22 . 2010-05-06 16:22	--------	d-----w-	c:\users\Nik.Mark-PC\AppData\Roaming\Apple Computer
2010-05-05 12:48 . 2007-05-06 17:46	2032	----a-w-	c:\users\Mark\AppData\Local\d3d9caps.dat
2010-05-04 05:59 . 2010-06-10 10:15	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 10:15	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 10:15	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 10:15	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 10:15	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 05:12	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-19 18:47 . 2010-04-19 18:47	3062048	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2010-04-19 18:47	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-04-16 20:12 . 2010-04-16 20:12	48464	----a-w-	c:\windows\system32\sirenacm.dll
2010-04-16 16:43 . 2010-06-26 11:49	173056	----a-w-	c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-26 11:49	458752	----a-w-	c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-26 11:49	542720	----a-w-	c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-26 11:49	2159616	----a-w-	c:\windows\AppPatch\AcGenral.dll
2010-04-09 18:12 . 2010-04-09 18:12	509552	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbA064.tmp.exe
2010-04-05 17:01 . 2010-06-10 10:15	67072	----a-w-	c:\windows\system32\asycfilt.dll
2010-01-09 17:54 . 2010-01-09 17:54	75	--sh--r-	c:\windows\CT5SEET.BIN
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-14 98304]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-11 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-12 19:46	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a2,c3,ab,a7,c6,22,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 135664]
R2 TF0801;WIRELESS USB Filter Driver;c:\windows\system32\DRIVERS\TF0801.sys [2006-08-28 4352]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 CHIPDRIVE USB SmartCardReader;CHIPDRIVE USB SmartCardReader;c:\windows\system32\DRIVERS\TwkUsb2K.sys [2005-09-19 35275]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-02-20 13352]
R3 GWHid;VL807 Hidmini driver;c:\windows\system32\DRIVERS\GWHid.sys [2008-10-31 18992]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 TWKPNP;CHIPDRIVE Plug and Play driver;c:\windows\system32\DRIVERS\TWKPNP.SYS [2003-04-30 5550]
R3 TWKSER2K;CHIPDRIVE Serial SmartCardReader;c:\windows\system32\DRIVERS\TWKSER2K.sys [2004-08-25 185611]
R3 VL807;VL807 Filter;c:\windows\system32\DRIVERS\VL807.sys [2008-10-31 27184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2007-10-03 639224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-19 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 TwkMs;CHIPDRIVE Maus Adapter; [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-19 1352832]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-02-23 1509888]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 299093]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 127059]
S2 TwkPCSC;CHIPDRIVE PC/SC Drivers; [x]
S2 TWKSCARDSRV;CHIPDRIVE SCARD Service;c:\windows\SCARDS32.EXE [2003-04-30 264192]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-06-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:49]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 20:12]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 20:12]

2010-06-27 c:\windows\Tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
uInternet Settings,ProxyOverride = <local>;*.local
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab
DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FT7195 - c:\program files\FT7195\uninst.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-27 21:03
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys acpi.sys hal.dll >>UNKNOWN [0x86A10BF8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x891cdd24
\Driver\ACPI -> acpi.sys @ 0x8069fd68
\Driver\atapi -> 0x86a10bf8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-27  21:06:39
ComboFix-quarantined-files.txt  2010-06-27 19:06

Vor Suchlauf: 20 Verzeichnis(se), 44.157.059.072 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 43.951.484.928 Bytes frei

- - End Of File - - 9B04DBA50575BD3B35099C4EF3F79FD0
         
--- --- ---

27.06.2010, 20:28   #7
Larusso
/// Selecta Jahrusso

Please switch on any external hard drives you may have during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to switch everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: Be sure to start the browser as administrator.
  • Deactivate your anti-virus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users have to install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users have to allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Press Start.
  • Signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Step 2

Please start OTL.exe.
Under
Extra Registry: select Use Safe List and click the Scan button.


In your next reply, please post
ESET log
OTL.txt
Extras.txt
Report how the computer is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

28.06.2010, 16:49   #8
powersearche

Hello Daniel,

the ESET scan ran on into the night. This morning I then made the log files, went to work, and am now back at the PC.
Here are the requested log files, split up again because of their size.

Regards, Mark

First the OTL

OTL logfile:
Code:
OTL logfile created on: 28.06.2010 04:38:39 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 40,74 Gb Free Space | 15,12% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK-PC
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2010.06.19 12:49:24 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.09.10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.14 04:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.02.19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.05.12 21:46:38 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe
PRC - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) -- C:\Windows\SCARDS32.EXE
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2009.11.27 19:42:58 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.02.19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.02.19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto | Running] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.12.07 22:32:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009.12.02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.09.30 16:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.07.19 11:28:31 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.19 11:28:31 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.27 16:37:01 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.12.18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008.12.16 16:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.10.31 09:11:02 | 000,027,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VL807.sys -- (VL807)
DRV - [2008.10.31 09:11:02 | 000,018,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GWHid.sys -- (GWHid)
DRV - [2008.10.23 19:50:01 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008.09.17 09:55:00 | 007,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.02.20 21:42:36 | 000,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008.02.20 21:42:36 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008.01.19 07:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008.01.19 07:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008.01.19 07:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.10.03 20:55:38 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.17 09:45:51 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2007.05.17 09:45:50 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2007.05.17 09:45:49 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2007.05.17 09:45:49 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2007.05.11 17:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.04.11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.04.03 11:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.01.08 19:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.12.01 14:38:58 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.08.28 15:48:46 | 000,004,352 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TF0801.sys -- (TF0801)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.09.19 03:07:00 | 000,035,275 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TwkUsb2K.sys -- (CHIPDRIVE USB SmartCardReader)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.08.25 15:06:00 | 000,185,611 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKSER2K.sys -- (TWKSER2K)
DRV - [2003.04.30 02:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003.04.30 02:14:00 | 000,005,550 | ---- | M] (Towitoko AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKPNP.SYS -- (TWKPNP)
DRV - [2003.04.30 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TWKMS.SYS -- (TwkMs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: pagehacker-nico@nc:1.2
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.18 22:48:23 | 000,000,000 | ---D | M]
 
[2010.05.08 16:32:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2010.05.08 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions
[2010.05.08 16:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.08 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.08 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\pagehacker-nico@nc
[2010.05.08 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\smarterwiki@wikiatic.com
[2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\FireFox\Profiles\a6mz7ae3.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.06.27 21:03:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab (AstroAvengerLoader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.27 21:06:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.06.27 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2010.06.27 20:36:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.27 20:36:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.27 20:36:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.27 20:34:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.27 20:30:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.06.27 20:29:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 20:29:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.27 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 08:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.27 08:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010.06.27 08:12:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.06.26 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.06.26 14:04:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.26 14:04:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.26 14:04:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.26 13:49:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.26 13:49:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.19 12:50:00 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.19 10:48:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:32 | 097,364,760 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010.06.10 12:15:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 12:15:24 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 12:15:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 12:15:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 12:15:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 12:15:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 12:15:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 12:15:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 12:15:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 12:15:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 12:15:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 12:15:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 12:15:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 12:15:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 12:15:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 12:15:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 12:15:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 12:15:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 12:15:13 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.28 04:41:51 | 004,718,592 | -HS- | M] () -- C:\Users\Mark\ntuser.dat
[2010.06.28 04:40:59 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
[2010.06.28 04:33:24 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.28 04:26:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.28 04:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.28 02:46:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.28 02:46:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 21:03:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.27 21:03:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.27 20:54:04 | 001,472,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.27 20:54:04 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.27 20:54:04 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.27 20:54:04 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.27 20:54:04 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.27 20:48:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 20:47:29 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.06.27 20:46:48 | 000,000,328 | ---- | M] () -- C:\Windows\scardsrv.ini
[2010.06.27 20:46:45 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.06.27 20:46:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 20:46:24 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.27 20:45:11 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 20:45:11 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TM.blf
[2010.06.27 20:31:10 | 006,291,456 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2010.06.27 20:25:46 | 003,721,631 | R--- | M] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2010.06.27 10:23:53 | 000,012,466 | ---- | M] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 08:23:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | M] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.27 06:15:33 | 000,126,464 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 19:37:56 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 12:49:54 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:50 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:25:08 | 000,031,858 | ---- | M] () -- C:\Users\Mark\Documents\cc_20100619_112435.reg
[2010.06.19 10:48:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:37 | 097,364,760 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,001,828 | ---- | M] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:34 | 000,680,340 | ---- | M] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | M] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | M] () -- C:\Users\Mark\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | M] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.10 21:23:15 | 000,419,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 20:58:49 | 000,021,478 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.06.02 20:43:27 | 000,036,864 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Apr. 10.xls
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.27 20:36:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.27 20:36:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.27 20:36:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.27 20:36:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.27 20:36:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.27 20:35:08 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.06.27 20:25:38 | 003,721,631 | R--- | C] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2010.06.27 10:23:53 | 000,012,466 | ---- | C] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 08:23:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | C] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.26 19:37:56 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 17:56:29 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:45:50 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:24:40 | 000,031,858 | ---- | C] () -- C:\Users\MarkDocuments\cc_20100619_112435.reg
[2010.06.19 10:24:08 | 000,001,828 | ---- | C] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:32 | 000,680,340 | ---- | C] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | C] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | C] () -- C:\Users\Mark\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | C] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.02 20:43:56 | 000,021,478 | ---- | C] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.02.27 11:03:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.27 11:03:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.27 10:55:24 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.01.30 11:12:55 | 000,004,352 | ---- | C] () -- C:\Windows\System32\drivers\TF0801.sys
[2009.12.07 18:26:12 | 000,000,020 | ---- | C] () -- C:\Windows\TTN.INI
[2009.08.18 20:47:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.07 15:46:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.07.07 15:46:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.08 08:22:19 | 000,027,184 | ---- | C] () -- C:\Windows\System32\drivers\VL807.sys
[2009.02.08 08:21:53 | 000,064,048 | ---- | C] () -- C:\Windows\System32\Hidhlp.dll
[2009.02.08 08:21:53 | 000,055,856 | ---- | C] () -- C:\Windows\System32\iFT7195.dll
[2009.02.05 19:06:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.12.12 08:43:43 | 000,000,160 | ---- | C] () -- C:\Windows\asrapi.ini
[2008.12.12 08:43:03 | 000,081,920 | ---- | C] () -- C:\Windows\asr3232.dll
[2008.10.15 19:30:20 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.10.15 19:30:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.10 20:50:02 | 000,000,065 | ---- | C] () -- C:\Windows\WININIT.INI
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008.05.07 21:04:51 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.05.07 21:04:51 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007.05.26 15:51:54 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.05.26 15:51:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.05.14 20:58:55 | 000,000,015 | ---- | C] () -- C:\Windows\PUST2.ini
[2007.05.08 18:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\TCLOG.INI
[2007.05.07 18:16:07 | 000,000,328 | ---- | C] () -- C:\Windows\scardsrv.ini
[2007.05.06 20:46:01 | 000,000,610 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2007.02.26 18:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 18:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 17:17:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 16:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 15:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.20 08:34:10 | 000,000,114 | ---- | C] () -- C:\Windows\Buhl.ini
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >
         
--- --- ---

28.06.2010, 16:51   #9
powersearche
 

Here is the OTL Extras log, followed by the ESET log

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.06.2010 04:38:39 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 40,74 Gb Free Space | 15,12% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK-PC
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm Fotowelt.exe] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CBC1B0-79AC-4AD3-A546-A2E33C6B7609}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{0D198F02-52ED-4ECC-B7C6-BF51E2D0424F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{1B5690D5-33F9-4D79-B127-8F5E871701B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{1E87AEBB-E3B0-46C5-8B0F-F17B67BA8ED1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1FFEE479-4F84-4CFC-82EF-578E116FFAF9}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{22A575F3-07B6-484E-B219-96D22F0DE313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{26A5DF50-0C4A-43D7-9E34-0328CE3F9526}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{2C536B09-3AAE-4EFD-8D03-ED11C149B7CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{355CA782-D708-4BB8-A02F-FFB99A507F15}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{38838B88-7BF8-4376-B5BE-567D8BA2802E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D488C39-EF67-4851-898F-49F5169E2D2F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{3D78703F-8268-4A05-B37A-D939BD562B02}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4E0FEF2E-EDB2-42FE-B8D6-A7E80756C5D6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{4F4A14F3-47C9-47F8-86A2-14681C73B9C6}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{4F65B46D-5880-49FB-A262-37A18E261E5E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{5BD1BDDD-834F-41C4-81F1-CBC7A01A4B77}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5DDECE78-67C0-4E0E-BB9B-7FA20CDE1E10}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{60F91A31-DEB3-48DA-8B5E-2BF65C50DB60}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{740A023A-2160-4ABC-A2C6-4D8B48290AC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78D5BCB7-79C7-4F93-BDE1-B49C3DFCF4F0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{7F78B9DD-8FD0-4C51-806D-59793DD5F658}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{88AE2DB5-9522-47A8-BBFB-D7DDF7D4F4C0}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{897C0FE8-6576-4B20-98D8-00D8AB4BEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{930ED437-D85D-4034-9966-D47DAAE73AB5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{99D12D0E-03B3-4737-B324-7D252F4B5722}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{B3DF2580-F75C-46C5-9F0E-4EF59A5395B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{B67A5FD6-2DE2-4ADA-ABC8-911AFB9797F2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CADABE61-8DA2-46A7-A7E0-2D9AC1D71351}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{E79255F1-9522-43DC-A80A-00F7204257EC}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EAA8B625-7FFB-48CE-BCC3-142F0BBCAF25}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C56ADE-2E8D-4D07-BA0C-09FD401E032E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{08C77F3C-B232-4A59-9377-6BC3F42CE7A0}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0B41292A-BFC4-4DBA-91A9-8E6098293177}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{1190C1CA-7AED-4D29-85D4-AADC1F0D1C81}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe | 
"{1317EA3D-E0A5-4F02-A477-A351853008AA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{14E00577-7BD1-49EB-AFD3-D287F765BC5F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{17E02DF2-83C2-4E1C-B6DF-E490B5137D73}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{1D9C9E28-CF47-4C85-B483-8C83D7DE1992}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{28A74334-DE56-4DEE-89C4-BC633EF1E47D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{2B7994E2-76D4-4A7D-A115-C1271337C6E3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2EBCDF1C-D9ED-47B4-86AC-2E642ABDD10D}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{33EBF189-2B7A-4302-9A32-2F669B7CD033}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{368BC80A-7010-4BE8-BB43-0064CFE9C16A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{3824DAAB-3471-42E7-ABA0-48968FAB9996}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{42FF3394-75B6-4A8A-AA67-4A1800F4EFB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{4664A922-B9BA-4960-9546-654DD0D51B57}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{47F784DE-8962-48F2-871D-04825AAF38CC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{4A88DA37-B671-4F32-A70F-E0FA452E69A9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{4B711CE7-1494-4505-A991-65F984B0A007}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4BFA13AC-40F1-41B1-963C-81A479DE31B9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{516F2D29-1E65-4A77-9DFF-CA76A98F16E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{586F126F-7F84-44ED-8A8E-BBB99E887229}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{59C73435-0CAB-4740-A966-53BC16221577}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59F990E5-81DD-498A-A391-18780015D87D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{691B8BE3-9BC3-4330-B313-5DC578250DED}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{69B4337B-16AF-45D3-BACC-226821A02D68}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{6C2ADBE1-81DD-4DE6-BB68-AC359D18D6A4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{6E6F63A9-9C6F-48CC-9814-EA6E7C485721}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{75F58A64-047F-408B-A3D1-93BD279C184C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{78C8811E-F6DF-4F57-ACF5-9C2050CD17AF}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{79980D05-554A-45E2-A03E-FD2261CA090F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{8BEFE9AA-39AF-4AD1-B99F-7664B47413D2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{91FE0556-A73E-49A7-A5EE-A04B18A0DDC8}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B2E95EE-00CA-428E-90F0-F59D7803FE93}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{A9B6FEDC-05B8-414F-AA31-9084CC001A99}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AC775A12-FF52-4C0C-A83A-639755D94218}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B28D1979-7475-490D-8175-573C4CAF935A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{B513CCCE-2EC1-449C-B8C3-287651017C7A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B7B6D999-7F54-4FA3-B866-1CAD27B76F9E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{B870B9B8-AE5C-4F76-AD1D-3192AA8BA994}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B98FF62E-ED00-468F-8F88-ED3B5EC5C95A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BB2FBDFB-DCC2-489C-AAA7-A9FE418D4D02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC61D0DA-A3A8-4C60-BF16-CEE64E4C111D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{BF12935C-E1BA-4B49-B9E3-AA13EF2979EB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C9DC6B03-22A0-45AD-8EB3-F0E2B70E8B1A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{CA044B58-2BB9-4BC4-B272-256C7432D426}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CADAFD28-5210-425E-8542-DBA9E768A7E1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CE63222C-6E80-45DF-BEE9-FB270889A597}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{CF6B80F9-0737-423A-B854-9BBCCC2C3E79}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{DAA853F0-DA7C-4017-A27A-D4AAF1527068}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{DD889D98-2E7C-4E1F-810E-9F5A1912A770}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E55A7624-6129-4BCC-B3D6-F3453272E62E}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E584CCC2-2EA6-445C-805D-1ECA275C3364}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{EFED6540-E96C-4F1F-AC19-3A4B45E795B9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{F5DFBBCD-B201-4E91-A961-D6DC4AF2AE73}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{FC248F42-B34E-48D6-831F-4AC7E76E9A59}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"TCP Query User{00976E33-A593-4F88-A7CB-F4FD148CC3A9}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{02049D0A-0594-4493-BFD1-00CA59F1C8A4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{162C956A-1D30-4758-BCC6-A585CDE2AA01}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"TCP Query User{1C03DC42-2A82-49D5-A51A-3A4A72A4C835}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{1D24D467-0755-4027-9028-FDC27627B470}C:\program files\capcom\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"TCP Query User{20CE3137-20CD-4043-AA1F-FFC83F9FF1D8}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=6 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"TCP Query User{23423AF3-15F9-4E6A-BCE2-1ED4AF0CD535}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{2A491597-1C4B-413F-8744-02FC0920F4FE}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{2A63B7BE-9F78-4BFA-969A-6100BB266F4D}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{34149E9A-D625-48BF-8C95-2F711A9656FE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{3537AEC0-4946-4BE8-A9C6-7C0B06BE1064}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{36F525F1-D0BC-4080-9E07-BC9F5440170B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{3895D241-4CF6-4C1C-92A7-2921139C152E}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"TCP Query User{44B1DF90-5A7B-4392-8CBF-58A0B6863E6E}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{48600E56-F316-4DEB-BC5B-EDB402004D11}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{4977C400-8FC6-48A4-9EDA-2DC65D4317D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{592F564B-90CE-4F63-B95E-F7DAE2D7A223}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{65E4F729-5176-48FD-96B8-E90C3F818A5B}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{67D522E9-7974-46AC-815F-008139D64BEF}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"TCP Query User{68A137A9-697E-4C6F-A781-793A92741305}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"TCP Query User{6CE86AD9-BD4C-463F-AEA4-36FC47BEE32E}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{788949C4-CA4A-43B1-8D44-0BC4D6737A95}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"TCP Query User{78ACA6CA-6B7C-43C9-8B4A-B03DFF789F71}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"TCP Query User{83F2A201-1D48-4BFC-96A5-7CCC48C1CFF0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8414516E-F39F-4631-A36B-8359A76A6AF6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{850B2120-1CD4-47C6-AD0E-135470562BE1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{980A777C-55AC-439C-8AEA-611A71CDEBD0}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{AC1F2A58-42A9-4512-8DA6-CEDBA12AE0DB}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{AE971C37-F7ED-4A5A-8D59-2DE6E453E33D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{AF6E5B82-8158-4880-B5C4-EB06A2DBE9DD}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{B0A692B1-0536-4AC4-A0C3-4D9E9CAE0349}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{BA13BF34-64C0-4A78-AFDA-E32B79AE8A11}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{BEC285BB-AD85-4141-A60D-67A7D5B7F96D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{C0654B3D-FCDC-4ACB-8451-8B167D383266}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{C5096789-47D1-4E4F-B803-8142F2D41204}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C71FC0D2-E6AA-4A5F-9586-090817893E43}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{CAAFFB15-3F5D-4678-ABD4-E6EA4316E2DF}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D175B165-9EB1-48D5-A34B-2E69C6577586}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D4CE7C15-D573-419B-A646-2023EFAC2875}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"TCP Query User{DF5CC906-C15E-42F3-9659-CEC8B734970C}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{E6DD3623-E393-4C92-80E4-248DCC276DC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F0EA31BE-CAF9-4B38-8E87-D45420980B36}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{07BF4AF4-32EA-47E2-A86E-345BE34E6C35}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{0A2E0C1F-0138-4620-8E3A-4E3375B5E258}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"UDP Query User{0B4E9260-D9E2-4162-A034-83875A2AAAB8}C:\program files\capcom\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"UDP Query User{1235F594-3240-4732-8436-248411B1FFCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1997202B-BBBD-448A-947F-EB9457522124}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{2B02A798-D566-4C58-B820-6921894516DA}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{2B34300F-5461-44D3-898F-9391BD7E8A4D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{2DFDF9AF-6CF6-4EE8-A0A1-10BE9FBA1DF7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{2FD8F7D0-2062-43F9-A6B8-1E1CF58DA86B}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{3341E114-D986-43C3-9EDF-1E9D308AFF00}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=17 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"UDP Query User{4200CA67-1133-4355-9713-15AEB70E7FCA}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{44B47E32-025E-4971-90A6-9C30EF66A438}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{46572F1D-3810-4534-93AB-35F262609643}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{527F03A4-6F10-4BB3-AEC8-802C775EE08F}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{6041F239-4F55-43F9-9507-E078BC0C29A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{73C1F558-1EA1-42B9-B618-2070946B997D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{893CFED1-9D7B-415C-92C7-5206824F915B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{8B0400FB-41F0-4A86-9584-E73DF5AF4F0F}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{8E385BE0-B6F3-41FA-8430-12A1EF41B1EC}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"UDP Query User{92576D25-1570-4BC1-8391-44FA86F3CE69}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{96DEA020-41DC-4B80-A9D0-58F4CA059C06}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{9B9EF7C3-84E5-4960-B136-1EAFCE5B3BA2}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{A66A4BB8-7085-470A-BE30-78565133E067}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{ADEC7F44-3BF3-4CD7-9CFD-A2D7275A2859}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{AECAA2E5-73DC-4209-BBF8-C5882D8F25ED}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"UDP Query User{B02A394E-A1B8-45FC-99C5-604EBF81B6F0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B2F2A3E7-39D9-4E98-B33A-3A42BE3ADF25}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{B676DFB3-32F0-4142-8D04-0C4C9A5541C0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B965DF5D-E7C7-4E56-AF1B-C8CEAE7DFD77}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"UDP Query User{BBA1F888-DAE9-4EDB-881C-2F87744B7BF6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{BC4CC1CE-38DC-470C-8FF9-0CCC4AB6D246}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{BF9285D1-64D4-4B71-8C5A-A93B9DC09636}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{C6CC2BF8-D328-4E03-9AB7-2934F444DBA7}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{C77E5F34-406E-4D90-9B52-5DF5ECE7BA99}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{CC1612F6-4431-4B69-998F-50865710B0DD}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"UDP Query User{CD43C8C5-4C64-4612-8FBB-A560331DB0BE}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{D63A4373-A5D3-46C3-9E63-BF6AC4780140}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"UDP Query User{DCB2A323-CA24-4C01-8294-21A09056C6B7}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{E0B5C60E-DC56-482C-AE6E-E0262DCE15A1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E9DA1AED-E1F7-4968-B499-514331E5FE90}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"UDP Query User{FAD8FFC0-B8BB-46C3-91A4-683DA2BB69B1}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{FD20C98B-0EF6-4555-8F68-B87E050629D3}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A0BD20-71D1-F60D-32DF-7A828187693B}" = ccc-utility
"{0332234E-09D1-4B74-A5F3-73E34BA29F5B}" = Nokia Software Updater
"{037D0596-043A-6CF0-7161-C1240590E3D4}" = CCC Help Norwegian
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08633C60-680F-F32C-8C91-377EA7AE3CAD}" = Catalyst Control Center Graphics Full Existing
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F19E412-CA39-1DC9-409E-D20130E97CB5}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232579E4-B963-B742-9AEF-2A156C7F1012}" = HydraVision
"{24E42D00-A7B3-43B3-1831-E1D38BBE1C04}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C38C251-DE7B-40DC-9D26-C54044348DE5}" = BBI USB WIRELESS CONTROLLER
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{30909DAD-50D9-5C8F-E4EA-B6CD33219F8A}" = CCC Help Dutch
"{30BFA63D-EABB-1850-5E6F-39270E401FE9}" = CCC Help Portuguese
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34DE4F36-3814-5CAD-9A61-DEFA6C908F9A}" = CCC Help English
"{3647638A-36CF-08B0-71A2-C9C382A396BA}" = CCC Help Hungarian
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{37D9C685-0F4B-2D8E-59E3-3CE151CE0051}" = ATI Catalyst Install Manager
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41DA146B-1218-35C7-F9F7-1329BDA0FCEC}" = Catalyst Control Center Graphics Light
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{48C564CC-6269-1FAB-25FC-E77EC663A8EE}" = Catalyst Control Center Graphics Previews Common
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4E3D3792-2AC8-5C3A-B47A-DC54901E685A}" = CCC Help Greek
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BBA917A-ABA8-6D66-25CA-60C4479EB5B9}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F44A7EE-2D4F-3501-8959-96E5707B702D}" = Catalyst Control Center Graphics Full New
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B43A22-9B36-11D7-9D9C-00105ABD2C6C}" = Ginger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C57DD90-6744-B038-04E7-5928217ACD29}" = CCC Help Chinese Standard
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E3F38F-E9CA-493C-A007-D8F351E9DAA7}" = Terminator 3 - War of the Machines
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76A52914-64CC-476B-BD58-2312D1A9AE10}" = WISO Mein Geld 2009 Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799821FD-51D2-8A54-04A0-E03C4BFDAB70}" = CCC Help Russian
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D66D425-0732-0503-681F-EF513C9EB035}" = CCC Help Czech
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D1201F-2B53-45A5-B940-B7DE21B995FC}" = Duden Rechtschreibtrainer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DB3724-0BE3-A3FD-8401-53EA871F9381}" = CCC Help Finnish
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9909B060-77BE-C0EB-498E-200439A609CF}" = Catalyst Control Center HydraVision Full
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BCC64BE-25AD-5872-1FB8-168586E5D1CF}" = CCC Help Spanish
"{9CFAA618-E4CA-C55E-402D-D305AFBC7F36}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6960F96-6CE5-DA95-5346-1BEF9A7E48C7}" = ATI Problem Report Wizard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E3BB58-08F3-69A7-6DE1-46169A9E34C5}" = CCC Help Thai
"{AA898D01-D4E3-43C6-8E25-70CA660B9F16}" = CHIPDRIVE extern/intern/micro treiber 3.1
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BA4993-89C9-938E-95B8-8DD533DBC2BD}" = CCC Help Chinese Traditional
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66BDC95-CE25-9E1F-71CA-D9C9A30FED99}" = Catalyst Control Center Graphics Previews Vista
"{B6B7482F-E56A-DB37-97BE-A85B000E9506}" = CCC Help Japanese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7E86EDB-77E7-E3A0-F0A3-73755A0DFF3B}" = ccc-core-static
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{B9B1B950-777B-26A1-226E-411B2AF23B26}" = CCC Help Korean
"{BBBDA721-8885-42CE-A16C-8BEE27D37EB3}" = AAVUpdateManager
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32C002C-ACD4-4AE6-F897-7B441E2402F0}" = CCC Help German
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E382FD08-7B09-EB40-9FDD-5C12898B3691}" = Catalyst Control Center Localization All
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB81FF05-AF5E-D3ED-E3DE-CA25489E95A0}" = Catalyst Control Center Core Implementation
"{EC89F553-763E-3851-97DF-3FBB47682E5A}" = CCC Help Swedish
"{ECD777F4-3C75-9227-0E71-8C321D99179E}" = CCC Help Danish
"{ECDA7753-B9EE-A492-DE40-96AFC181568C}" = ATI AVIVO Codecs
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F04090DB-1428-A054-768E-EFF969308578}" = Skins
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84377EE-38BE-EB21-B034-10742A180A26}" = CCC Help Italian
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"3D TippTrainer_is1" = 3D TippTrainer
"4StoryDE_is1" = 4Story 1.5
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued 3.4.0.466 (D)
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" = 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"bayer04_is1" = Bayer04 Publisher 2.1.1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"CodeStuff Starter" = CodeStuff Starter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.3.1
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Fotoservice" = Fotoservice
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"Imperium Romanum" = Imperium Romanum 1.03
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"LetsTrade" = LetsTrade Komponenten
"Lidl-Fotos_is1" = Lidl-Fotos
"Lollipop Mathe 3" = Lollipop Mathe 3
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 2008 D" = MAGIX Video deluxe 2008 7.5.3.1 (D)
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Nokia PC Suite" = Nokia PC Suite
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = eBay.de - Skype 3.0
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.41
"Ultimate Motorcross" = Ultimate Motorcross 1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"tc09-DE_SEVENONE_MAIN" = Big Pizza Mountainbike Challenge 09 (SevenOne)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2008 16:38:34 | Computer Name = Mark-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 29.11.2008 07:46:08 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18000, Zeitstempel
 0x47918f11, fehlerhaftes Modul SwMenu.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x48998217, Ausnahmecode 0xc0000005, Fehleroffset 0x6c102d0d,  Prozess-ID 0x13b8,
 Anwendungsstartzeit 01c9521573238dfd.
 
Error - 30.11.2008 07:01:51 | Computer Name = Mark-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 30.11.2008 07:10:25 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0x113c, Anwendungsstartzeit
 01c952da7381ccb4.
 
Error - 30.11.2008 07:42:37 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0xd70, Anwendungsstartzeit
 01c952dd30583946.
 
Error - 04.12.2008 11:27:07 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, fehlerhaftes Modul Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, Ausnahmecode 0xc0000005, Fehleroffset 0x0010520e,  Prozess-ID 0x1780,
 Anwendungsstartzeit 01c9562354f0118d.
 
Error - 05.12.2008 13:29:57 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm Settlers6Demo.exe, Version 1.0.3006.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15fc  Anfangszeit: 01c95624c95e62d5  Zeitpunkt
 der Beendigung: 106
 
Error - 08.12.2008 17:17:01 | Computer Name = Mark-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.12.2008 02:45:05 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm _INS5576._MP, Version 5.53.168.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 15c0  Anfangszeit: 01c95c24c1d91464  Zeitpunkt der
 Beendigung: 0
 
Error - 13.12.2008 09:33:51 | Computer Name = Mark-PC | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 20.05.2007 14:10:39 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/20/2007 20:10:39
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 13.06.2007 04:02:35 | Computer Name = Mark-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005
 
Error - 05.08.2007 12:40:29 | Computer Name = Mark-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:08
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:09
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.04.2008 06:49:00 | Computer Name = Mark-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 20.10.2009 15:07:13 | Computer Name = Mark-PC | Source = ehRecvr | ID = 3
Description = 
 
[ System Events ]
Error - 27.06.2010 14:33:50 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2010 14:33:56 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.06.2010 14:38:43 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 27.06.2010 14:42:35 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2010 14:44:03 | Computer Name = Mark-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%861 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.85.898.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.5902.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 27.06.2010 14:46:51 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.06.2010 14:46:51 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2010 14:47:00 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.06.2010 14:49:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2010 15:03:30 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7030
Description = 
 
 
< End of report >
         
--- --- ---

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=607e483eab0cde4cb3fd5dcb08563ddd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-28 12:28:22
# local_time=2010-06-28 02:28:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 113452 53182875 24650 0
# compatibility_mode=5892 16776574 100 100 116946 115200296 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=223419
# found=1
# cleaned=1
# scan_time=17334
C:\Users\Mark\Downloads\Nero-7.11.10.0_all_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

28.06.2010, 16:55   #10
powersearche

Hello Daniel,

here is the answer to the question of how the computer is running.

The computer runs more quietly than before, and the hard disk no longer "grinds away" as often as it used to. The Internet connection is quite fast and there are no warning messages from the virus scanner. (There were none before either, only once, and then in a big way.)

Regards, and thanks in advance for the help

Mark

28.06.2010, 17:12   #11
Larusso
/// Selecta Jahrusso

The log file is clean.

Here are the last few steps for cleaning up your computer.

Step 1

Uninstall ComboFix

Before the following action, please temporarily disable your antivirus program, any script blocking and any anti-malware programs again.

Start => Run (on Vista: Windows key + R) => type in ComboFix /uninstall => press Enter. This removes ComboFix completely and clears the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.


Step 2

Tool cleanup

Please start OTL.exe.
Now click the "Bereinigung" (cleanup) button. This will remove most of the tools and log files.
If anything is still left behind, please remove it manually and empty the Recycle Bin.


Step 3

Automatic updates

Let's check whether Windows updates are downloaded automatically. That is the best way to receive all the security patches and fixes.

Press Windows key + R. Now copy the following text into the command line

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

and click OK.
Make sure that automatic updates are enabled.


Step 4

To protect you against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on how to use it here.

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
    Note: MBAM does not replace antivirus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows; it empties the Recycle Bin and much more.
    It also helps to speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.

  • Keep your system up to date
    I cannot stress often enough how important it is that the PC is up to date.
    Security holes are found often enough in Windows' own applications. These "holes" need to be removed, because attackers may use them to gain unauthorized access to your system.
    Every second Tuesday of the month is update day. For this, please visit the Microsoft Update site.

  • Keep your software up to date
    The easiest way to do this is the Secunia Online Software.


Step 5

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

There is a wide variety of add-ons for Firefox to get you safely through the WWW.
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.

  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.

  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Don'ts
  • Don't click on everything just because it asks you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials and other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe

All that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie

28.06.2010, 19:22   #12
powersearche

Hello Daniel,

uninstalling Combo was tricky: there must be no space after the backslash, but there must be one before it. After an hour I had figured it out.
The system is running normally. I started WISO Mein Geld again for the first time and get the following message:

Important security notice: the following host has been changed and may endanger the security of the system

127.0.0.1 localhost

I hope you can help me further with this.

Regards
Mark

28.06.2010, 19:33   #13
Larusso
/// Selecta Jahrusso

That entry is actually normal. Have you already applied the MVPS hosts file?

Then the message is OK.
__________________
Regards, Daniel


28.06.2010, 20:18   #14
powersearche

Thanks again for the quick reply.
I will then take a look at the suggested programs in the near future.
With instructions in English it is easy to make things worse while trying to improve them.
That sometimes doesn't even work out in German.
That solves my problem, and I can watch the World Cup in peace at the weekend.
Regards, and have a nice evening
Marko

28.06.2010, 20:24   #15
Larusso
/// Selecta Jahrusso

Download hosts.zip, extract its contents to the desktop, double-click the batch file, and that matter is settled too.
__________________
Regards, Daniel
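
The hosts-file question from posts #12 to #15, as an added example that is not part of the thread or of any tool named in it: a small Python audit that separates the default localhost line and blocklist-style entries (names pointed at loopback or 0.0.0.0, the pattern blocklist hosts files use) from mappings to any other address, which are the ones to review by hand. The sample file, its host names and the category labels are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax; nothing here is taken from the
# thread. On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.net      # blocklist-style entry
0.0.0.0    tracker.example.org
203.0.113.7   update.example.com   www.example.com
not-an-ip  broken.example
"""

# Names that are expected to resolve to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the file.

    A line may carry several names for one address; each becomes its own
    tuple. A line with an address but no name yields hostname=None.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            yield line_no, fields[0], None
            continue
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()


def classify(address, hostname):
    """Return 'default', 'block', 'review' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if hostname is None:
        return "malformed"
    sinkhole = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0, ::
    if hostname in LOCAL_NAMES:
        # localhost pointing anywhere but loopback is not a normal entry
        return "default" if ip.is_loopback else "review"
    # A foreign name sent to a sinkhole address is a block entry; a foreign
    # name sent to any other address overrides DNS and needs a human look
    # (it can be a legitimate LAN mapping or a redirect left by malware).
    return "block" if sinkhole else "review"


def audit(text):
    """Group every mapping of a hosts file by category."""
    report = {"default": [], "block": [], "review": [], "malformed": []}
    for line_no, address, hostname in parse_hosts(text):
        report[classify(address, hostname)].append((line_no, address, hostname))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    for category in ("review", "malformed", "block", "default"):
        for line_no, address, hostname in result[category]:
            print(f"{category:9} line {line_no}: {address} -> {hostname}")
```

Run against a copy of the real hosts file, a long "block" list with an empty "review" list is what a freshly applied blocklist hosts file is expected to produce under these assumptions.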
