| |
| |||||||
Log-Analyse und Auswertung: Google spinnt und leitet teilweise flasch weiterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
09.10.2010, 22:25
| #1 |
 |  Google spinnt und leitet teilweise flasch weiter Ich habe ein Problem, erstmal ich hab nicht so die Ahnung von PCs. Und dann zum Hauptproblem: Angefangen hat es damit, dass mir AntiVir und Windows gleichzeitig einen Trojaner meldeten. Also Laptop vom Netz getrennt und Viren-Scan. So zwei Trojaner gefunden und entfernt. Dann schien alles gut und der PC sauber zu sein. Dann wieder im Netz und ich merkte das Google mich oft auf falsche Seiten weiterleitete.Dann hab ich mal in die Prozesse geschaut und die WerFault.exe gefunden. Keine Ahnung was das nun wieder ist. Also noch nen Scan. Nix gefunden.  Also noch mal ab ins Netz, und schaun was es für lösungen gibt. Also hijackthis-Analyse und das ist das Ergebinnis: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:58:32, on 09.10.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18498) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Users\Public\Documents\Windows\winhelp.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Windows\system32\wuauclt.exe C:\Users\Jannik\AppData\Local\Temp\Cnu.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Avira\AntiVir Desktop\avnotify.exe C:\Windows\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\explorer.exe C:\Users\Jannik\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 O4 - HKCU\..\Run: [FeedBuster] "C:\Program Files\Alnera\FeedBuster\FeedBuster.exe" O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [Rbidog] rundll32.exe "C:\Users\Jannik\AppData\Local\xULevsb.dll",Startup O4 - HKCU\..\Run: [iashsdtc] rundll32 "C:\Users\Jannik\AppData\Local\Temp\LocaStub.dll",CreateProcessNotify O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Jannik\AppData\Local\Temp\sshnas21.dll,GetHandle O4 - HKCU\..\Run: [SMH2B46TDP] C:\Users\Jannik\AppData\Local\Temp\Cns.exe O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\Jannik\AppData\Local\Temp\Cnu.exe O4 - Startup: algdyw32.exe O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - User Startup: winhelp.exe O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Google Update Service (gupdate1ca0a54c6c8e650) (gupdate1ca0a54c6c8e650) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing) O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 10455 bytes Und wie gesagt ich kann damit nicht soviel anfangen und würde mich echt freuen wenn ihr mir helfen könntet. P.S.:Ich lass gerade noch nen Scan nebenher laufen und das Ergebniss werd ich noch posten. Danke schon mal BlackApe Achja ich benutze Firefox und der Scan hat jetzt schon zehn Funde. Hier die Scan-Ergebnisse JAVA/Rowindal.A JAVA/OpenSteam.C JAVA/2010.0094.E Avira AntiVir Personal Erstellungsdatum der Reportdatei: Samstag, 9. Oktober 2010 22:51 Es wird nach 2914708 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 1) [6.0.6001] Boot Modus : Normal gebootet Benutzername : Jannik Computername : JANNIK-PC Versionsinformationen: BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00 AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16 LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 20:45:19 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 20:45:24 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 20:45:36 VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 20:45:43 VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.2010 20:45:43 VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.2010 20:45:44 VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.2010 20:45:45 VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.2010 20:45:45 VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.2010 20:45:46 VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.2010 20:45:46 VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.2010 20:45:46 VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.2010 20:45:47 VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.2010 20:45:47 VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.2010 20:45:47 VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.2010 20:45:48 VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.2010 20:45:48 VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.2010 20:45:49 VBASE022.VDF : 7.10.12.149 2048 Bytes 07.10.2010 20:45:49 VBASE023.VDF : 7.10.12.150 2048 Bytes 07.10.2010 20:45:49 VBASE024.VDF : 7.10.12.151 2048 Bytes 07.10.2010 20:45:49 VBASE025.VDF : 7.10.12.152 2048 Bytes 07.10.2010 20:45:49 VBASE026.VDF : 7.10.12.153 2048 Bytes 07.10.2010 20:45:49 VBASE027.VDF : 7.10.12.154 2048 Bytes 07.10.2010 20:45:49 VBASE028.VDF : 7.10.12.155 2048 Bytes 07.10.2010 20:45:49 VBASE029.VDF : 7.10.12.156 2048 Bytes 07.10.2010 20:45:50 VBASE030.VDF : 7.10.12.157 2048 Bytes 07.10.2010 20:45:50 VBASE031.VDF : 7.10.12.167 75776 Bytes 08.10.2010 20:45:50 Engineversion : 8.2.4.72 AEVDF.DLL : 8.1.2.1 106868 Bytes 09.10.2010 20:46:01 AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 09.10.2010 20:46:01 AESCN.DLL : 8.1.6.1 127347 Bytes 09.10.2010 20:46:00 AESBX.DLL : 8.1.3.1 254324 Bytes 09.10.2010 20:46:02 AERDL.DLL : 8.1.9.2 635252 Bytes 09.10.2010 20:46:00 AEPACK.DLL : 8.2.3.7 471413 Bytes 09.10.2010 20:45:59 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 09.10.2010 20:45:59 AEHEUR.DLL : 8.1.2.30 2941303 Bytes 09.10.2010 20:45:59 AEHELP.DLL : 8.1.13.4 242038 Bytes 09.10.2010 20:45:56 AEGEN.DLL : 8.1.3.23 401779 Bytes 09.10.2010 20:45:56 AEEMU.DLL : 8.1.2.0 393588 Bytes 09.10.2010 20:45:56 AECORE.DLL : 8.1.17.0 196982 Bytes 09.10.2010 20:45:55 AEBB.DLL : 8.1.1.0 53618 Bytes 09.10.2010 20:45:54 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07 AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40 AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44 AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49 AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Beginn des Suchlaufs: Samstag, 9. Oktober 2010 22:51 Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\SecuROM\License information\datasecu [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\SecuROM\License information\rkeysecu [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. c:\program files\mozilla firefox\firefox.exe c:\Program Files\Mozilla Firefox\firefox.exe [HINWEIS] Der Prozess ist nicht sichtbar. c:\program files\mozilla firefox\firefox.exe c:\program files\mozilla firefox\firefox.exe c:\users\jannik\appdata\local\temp\cnu.exe c:\Users\Jannik\AppData\Local\Temp\Cnu.exe [HINWEIS] Der Prozess ist nicht sichtbar. c:\users\jannik\appdata\local\temp\cnu.exe c:\users\jannik\appdata\local\temp\cnu.exe c:\program files\adobe\reader 8.0\reader\acrord32.exe c:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe [HINWEIS] Der Prozess ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'wmiprvse.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'NOTEPAD.EXE' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '126' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '154' Modul(e) wurden durchsucht Durchsuche Prozess 'avnotify.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'Cnu.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'CFSwMgr.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'winhelp.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'TOSCDSPD.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'TCrdMain.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'TPwrMain.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'NDSTray.exe' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'MSASCui.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'SmartFaceVWatchSrv.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'ULCDRSvr.exe' - '5' Modul(e) wurden durchsucht Durchsuche Prozess 'TUProgSt.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'TosIPCSrv.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'TosCoSrv.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'TNaviSrv.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'TempoSVC.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'StarWindServiceAE.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'CTDevSrv.exe' - '12' Modul(e) wurden durchsucht Durchsuche Prozess 'CFSvcs.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'ClipInc-Server.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'PresentationFontCache.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1814' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <Vista> C:\Users\Jannik\AppData\Local\Temp\jar_cache282714241942448680.tmp [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.A --> Exploit.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.A --> PayloadCreater.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.C --> PayloadClassLoader.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.B --> Payloader.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.D --> payload.ser [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.E C:\Users\Jannik\AppData\Local\Temp\jar_cache4805804730922064940.tmp [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnecti.A --> cpak/Crimepack$1.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnecti.A --> cpak/Crimepack.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenStream.C C:\Users\Jannik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\aff9319-54dca3f0 [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.abj --> U_kM5y.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.abj --> uz_gJ_h.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Remote.B --> VjDDB__QuwE.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.A Beginne mit der Suche in 'E:\' <Musik> Beginne mit der Desinfektion: C:\Users\Jannik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\aff9319-54dca3f0 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.A [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4845547c.qua' verschoben! C:\Users\Jannik\AppData\Local\Temp\jar_cache4805804730922064940.tmp [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenStream.C [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50e67bde.qua' verschoben! C:\Users\Jannik\AppData\Local\Temp\jar_cache282714241942448680.tmp [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.E [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '02b92136.qua' verschoben! Ende des Suchlaufs: Sonntag, 10. Oktober 2010 00:45 Benötigte Zeit: 1:48:17 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 32294 Verzeichnisse wurden überprüft 566861 Dateien wurden geprüft 10 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 3 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 566851 Dateien ohne Befall 7523 Archive wurden durchsucht 0 Warnungen 3 Hinweise 639028 Objekte wurden beim Rootkitscan durchsucht 9 Versteckte Objekte wurden gefunden |
|
10.10.2010, 11:00
| #2 |
| /// Malware-holic   | Google spinnt und leitet teilweise flasch weiter ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten. |
|
10.10.2010, 12:06
| #3 |
| | Google spinnt und leitet teilweise flasch weiter EXTRA.txt
__________________Code:
ATTFilter OTL Extras logfile created on: 10.10.2010 12:16:36 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Jannik\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 21,52 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147,73 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JANNIK-PC
Current User Name: Jannik
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system |
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system |
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat 0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system |
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system |
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat 0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system |
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system |
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat 0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system |
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system |
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe |
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat 0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
10.10.2010, 12:07
| #4 |
| | Google spinnt und leitet teilweise flasch weiter OTL.txt Code:
ATTFilter OTL logfile created on: 10.10.2010 12:16:36 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Jannik\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,89 Gb Total Space | 21,52 Gb Free Space | 14,45% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 147,73 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JANNIK-PC Current User Name: Jannik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Jannik\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International) PRC - C:\Users\Public\Documents\Windows\winhelp.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe () PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Jannik\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (CTDevice_Srv) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}:1.9.1 FF - prefs.js..extensions.enabledItems: {a3f3e150-ef43-11de-8a39-0800200c9a66}:3.6 FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=8BHxn8ZFdUKHS9Ke.Akwrg&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.09 18:53:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.09 18:53:28 | 000,000,000 | ---D | M] [2009.04.11 16:08:13 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\mozilla\Extensions [2010.10.10 12:12:55 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions [2010.06.25 10:45:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.07 00:29:41 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66} [2010.06.25 10:45:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.06.25 10:45:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.03.19 18:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\anttoolbar@ant.com [2010.07.07 00:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions [2010.07.07 00:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions [2010.07.07 00:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\browser\extensions [2010.07.07 00:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions [2010.03.23 16:36:14 | 000,001,967 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\ardapedia-de.xml [2010.10.09 23:00:52 | 000,002,122 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\chip-online-suche.xml [2009.04.13 14:52:59 | 000,002,665 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\collectr.xml [2010.10.09 12:00:02 | 000,001,056 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\icqplugin.xml [2010.04.18 10:17:00 | 000,003,181 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\kinoto.xml [2009.11.24 19:07:22 | 000,007,212 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\lexicanum-de.xml [2009.09.17 22:16:42 | 000,002,037 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\simpsonspedia-deutsch.xml [2009.05.10 00:22:43 | 000,001,194 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\stupidedia-de.xml [2009.10.31 12:32:07 | 000,002,639 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\wiki-aventurica-de.xml [2009.04.14 21:21:04 | 000,000,945 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\youtube-videosuche.xml [2010.10.09 18:53:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.04.11 22:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [FeedBuster] C:\Program Files\Alnera\FeedBuster\FeedBuster.exe File not found O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Fgefizajifoh] C:\Users\Jannik\AppData\Local\asiyulidemawixor.DLL (VoLT, 2010) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [iashsdtc] C:\Users\Jannik\AppData\Local\Temp\LocaStub.DLL () O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [KOO9RV9K4Z] C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Metropolis] C:\Users\Jannik\AppData\Local\Temp\sshnas21.DLL (Borland International) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Rbidog] C:\Users\Jannik\AppData\Local\xULevsb.DLL () O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [SMH2B46TDP] C:\Users\Jannik\AppData\Local\Temp\Cns.exe (Borland International) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [TOSCDSPD] File not found O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (ZTX) O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE File not found O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8c6a3876-cbb3-11de-8a4b-001e339de0ee}\Shell\AutoRun\command - "" = programm.exe O33 - MountPoints2\{b9938341-7449-11de-a4f3-001e339de0ee}\Shell - "" = Autorun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.10.10 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1} [2010.10.09 22:49:37 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\Avira [2010.10.09 19:47:59 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.10.09 19:47:59 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.10.09 19:47:59 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.10.09 19:47:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.10.09 19:47:59 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.10.09 19:47:58 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.10.09 19:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.10.09 16:17:43 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows [2010.10.09 16:17:41 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.10.09 16:17:22 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE [2010.10.05 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\Jannik\Documents\ZENcast [2010.10.05 18:52:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE} [2010.10.05 18:51:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B67754EF-0BFC-493C-AD53-F5A9559F1E49} [2010.10.05 18:01:00 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\Alnera [2010.10.02 14:25:57 | 000,000,000 | ---D | C] -- C:\Programme\Trebaxa [2010.09.29 14:44:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.22 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Jannik\Desktop\Bodybuilding [2010.09.18 12:19:57 | 000,000,000 | ---D | C] -- C:\Users\Jannik\mods [2010.09.15 16:10:22 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.14 19:32:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.09.12 17:35:27 | 000,000,000 | ---D | C] -- C:\Users\Jannik\Desktop\video [2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll [2008.01.21 04:24:21 | 000,197,120 | ---- | C] (VoLT, 2010) -- C:\Users\Jannik\AppData\Local\asiyulidemawixor.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.10 12:21:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.10 12:21:02 | 002,621,440 | -HS- | M] () -- C:\Users\Jannik\ntuser.dat [2010.10.10 12:21:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.10 12:19:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CA065216-DD17-454D-B3FB-93DA2E515D71}.job [2010.10.10 12:11:54 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.10.10 12:10:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.10 12:10:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.10 12:10:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.10 00:51:27 | 000,000,120 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Rpixebop.dat [2010.10.10 00:51:27 | 000,000,000 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin [2010.10.09 20:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.09 19:48:02 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.09 19:00:16 | 001,447,792 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.10.09 19:00:16 | 000,628,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.09 19:00:16 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.09 19:00:16 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.09 19:00:16 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.09 18:55:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.09 18:55:50 | 3219,120,128 | -HS- | M] () -- C:\hiberfil.sys [2010.10.09 18:54:03 | 000,524,288 | -HS- | M] () -- C:\Users\Jannik\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.10.09 18:54:03 | 000,065,536 | -HS- | M] () -- C:\Users\Jannik\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.10.09 18:54:00 | 002,831,688 | -H-- | M] () -- C:\Users\Jannik\AppData\Local\IconCache.db [2010.10.09 18:53:29 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.09 16:17:59 | 000,000,135 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\asdsada.bat [2010.10.09 16:17:53 | 000,000,020 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\cnmkat.dat [2010.10.09 16:17:49 | 000,000,004 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\avdrn.dat [2010.10.07 20:18:58 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jannik.job [2010.09.23 16:11:17 | 000,019,132 | ---- | M] () -- C:\Users\Jannik\Documents\KursfahrtAnmeldung.pdf [2010.09.21 18:13:16 | 000,937,018 | ---- | M] () -- C:\Users\Jannik\Desktop\14.gif [2010.09.19 00:53:00 | 000,037,330 | ---- | M] () -- C:\Users\Jannik\helden.zip.hld [2010.09.19 00:53:00 | 000,005,628 | ---- | M] () -- C:\Users\Jannik\.heldEinstellungen4_1.xml [2010.09.19 00:42:37 | 000,034,462 | ---- | M] () -- C:\Users\Jannik\helden.zip.hld.ok [2010.09.19 00:42:35 | 000,000,240 | ---- | M] () -- C:\Users\Jannik\.dsa4.properties [2010.09.16 16:32:08 | 000,200,192 | ---- | M] () -- C:\Users\Jannik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.10 00:51:27 | 000,000,120 | ---- | C] () -- C:\Users\Jannik\AppData\Local\Rpixebop.dat [2010.10.10 00:51:27 | 000,000,000 | ---- | C] () -- C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin [2010.10.09 22:58:44 | 000,010,457 | ---- | C] () -- C:\Users\Jannik\hijackthis.log [2010.10.09 19:48:02 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.09 18:53:29 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.09 16:18:12 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.09 16:17:59 | 000,000,135 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\asdsada.bat [2010.10.09 16:17:52 | 000,000,020 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\cnmkat.dat [2010.10.09 16:17:49 | 000,000,004 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\avdrn.dat [2010.09.23 16:11:17 | 000,019,132 | ---- | C] () -- C:\Users\Jannik\Documents\KursfahrtAnmeldung.pdf [2010.09.21 18:13:15 | 000,937,018 | ---- | C] () -- C:\Users\Jannik\Desktop\14.gif [2010.05.09 13:18:37 | 000,027,136 | ---- | C] () -- C:\Windows\System32\QTUninst.dll [2010.01.26 21:52:36 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.11.17 20:01:51 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.09 13:41:42 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.10.09 13:41:42 | 000,139,152 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\PnkBstrK.sys [2009.10.07 14:51:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2009.10.07 14:49:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.06.21 15:43:39 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2009.06.21 15:43:39 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2009.05.30 17:19:02 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.05.30 17:19:02 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.05.30 17:19:02 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.05.30 17:09:46 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.05.21 18:45:12 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.05.04 17:32:26 | 000,000,094 | ---- | C] () -- C:\Users\Jannik\AppData\Local\fusioncache.dat [2009.04.24 19:43:09 | 000,007,052 | ---- | C] () -- C:\Users\Jannik\AppData\Local\d3d9caps.dat [2009.04.21 14:16:01 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.04.15 09:28:37 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.04.13 12:48:34 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll [2009.04.11 21:10:40 | 000,000,016 | -H-- | C] () -- C:\Users\Jannik\AppData\Roaming\mxfilerelatedcache.mxc2 [2009.04.11 21:10:40 | 000,000,016 | -H-- | C] () -- C:\Users\Jannik\AppData\Local\mxfilerelatedcache.mxc2 [2009.04.11 20:36:05 | 000,000,176 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\wklnhst.dat [2009.04.11 17:46:31 | 000,200,192 | ---- | C] () -- C:\Users\Jannik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll [2008.08.04 12:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.07.03 11:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.07.03 11:27:11 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.03 11:17:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.07.03 11:17:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.07.03 11:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.07.03 11:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.07.03 11:17:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.07.03 11:17:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.07.03 10:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.07.03 09:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.01.21 04:24:21 | 000,080,384 | ---- | C] () -- C:\Users\Jannik\AppData\Local\xULevsb.dll [2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2000.02.10 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL ========== LOP Check ========== [2009.05.23 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BITS [2010.10.09 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE [2010.10.05 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Alnera [2009.04.13 12:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Any Video Converter Professional [2009.06.06 18:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Ashampoo [2009.09.01 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\BITS [2010.01.26 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\DAEMON Tools Lite [2010.06.16 20:20:24 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\gtk-2.0 [2010.10.09 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\ICQ [2010.04.23 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Leadertech [2009.09.23 18:11:14 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\LiveCAD2 [2009.04.18 23:34:46 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Magic Set Editor [2009.10.07 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\MAGIX [2010.03.23 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2009.04.13 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2009.09.14 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2009.04.12 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\My Battle for Middle-earth Files [2009.04.11 16:35:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\myphotobook [2009.10.11 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\NCH Swift Sound [2009.04.21 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\OpenOffice.org [2009.09.26 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Template [2009.05.21 18:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Tobit [2009.04.29 21:42:44 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Toshiba [2009.11.05 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\TuneUp Software [2009.04.21 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Typograf [2010.05.08 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Uniblue [2010.08.20 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Unity [2009.07.29 15:20:41 | 000,000,000 | ---D | M] -- C:\Users\Twilight\AppData\Roaming\BITS [2009.06.20 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Twilight\AppData\Roaming\ICQ [2010.10.10 12:11:54 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.10.09 18:54:04 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.10.10 12:19:59 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CA065216-DD17-454D-B3FB-93DA2E515D71}.job [2010.10.10 12:21:02 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.10.09 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE [2009.04.11 16:15:09 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Adobe [2010.10.05 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Alnera [2009.04.13 12:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Any Video Converter Professional [2010.09.16 16:26:02 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Apple Computer [2009.06.06 18:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Ashampoo [2009.04.11 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\ATI [2010.10.09 22:49:37 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Avira [2009.04.13 12:13:51 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\AVS4YOU [2009.09.01 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\BITS [2010.05.12 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Creative [2010.01.26 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\DAEMON Tools Lite [2009.04.25 10:11:08 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\DivX [2010.09.28 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\dvdcss [2010.05.19 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\FastStone [2009.04.11 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Google [2010.06.16 20:20:24 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\gtk-2.0 [2010.10.09 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\ICQ [2009.04.11 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Identities [2009.04.11 14:06:54 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\InstallShield [2010.06.26 15:34:22 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\InstallShield Installation Information [2010.04.23 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Leadertech [2009.09.23 18:11:14 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\LiveCAD2 [2009.04.11 16:15:09 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Macromedia [2009.04.18 23:34:46 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Magic Set Editor [2009.10.07 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\MAGIX [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Media Center Programs [2010.03.23 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2009.04.13 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2009.09.14 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2009.11.17 16:36:12 | 000,000,000 | --SD | M] -- C:\Users\Jannik\AppData\Roaming\Microsoft [2010.04.09 07:59:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Move Networks [2009.04.11 16:08:13 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Mozilla [2009.04.12 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\My Battle for Middle-earth Files [2009.04.11 16:35:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\myphotobook [2009.11.17 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\NCH Software [2009.10.11 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\NCH Swift Sound [2009.04.21 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\OpenOffice.org [2009.10.08 18:56:30 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\SecuROM [2009.09.26 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Template [2009.05.21 18:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Tobit [2009.04.29 21:42:44 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Toshiba [2009.11.05 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\TuneUp Software [2009.04.21 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Typograf [2010.05.08 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Uniblue [2010.08.20 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Unity [2009.04.13 12:12:11 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\vlc [2009.04.19 11:33:17 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.26 14:48:03 | 000,331,776 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe [2010.05.07 19:08:25 | 000,006,144 | R--- | M] () -- C:\Users\Jannik\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe [2010.05.07 19:08:25 | 000,011,264 | R--- | M] () -- C:\Users\Jannik\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe [2010.05.07 19:08:25 | 000,008,192 | R--- | M] () -- C:\Users\Jannik\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe [2008.01.21 04:23:50 | 000,037,376 | R-S- | M] (ZTX) -- C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe [2010.04.09 07:59:26 | 000,144,053 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Move Networks\uninstall.exe [2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2007.01.01 18:01:25 | 000,009,728 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\localVista.exe [2007.01.08 10:34:46 | 000,006,656 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\localXP.exe [2006.12.21 13:16:20 | 000,021,504 | ---- | M] (Optimum X) -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\shellExecute.exe [2006.12.21 13:16:15 | 000,009,216 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\sleep.exe [2008.02.13 09:07:36 | 000,405,504 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\aacdec2\aacdec2.exe [2008.02.13 09:07:36 | 000,393,216 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe [2007.10.04 11:32:50 | 000,299,008 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\amrenc2\amrenc2.exe [2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe < %SYSTEMDRIVE%\*.exe > [1 C:\*.tmp files -> C:\*.tmp -> ] < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys [2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys [2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys [2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2008.04.15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.01.26 21:52:37 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report > |
|
10.10.2010, 13:15
| #5 |
| /// Malware-holic | Google spinnt und leitet teilweise flasch weiter • Starte bitte die OTL.exe. • Kopiere nun das Folgende in die Textbox. :OTL PRC - C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International) PRC - C:\Users\Public\Documents\Windows\winhelp.exe () SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found O2 - BHO: (no name) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No CLSID value found O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [FeedBuster] C:\Program Files\Alnera\FeedBuster\FeedBuster.exe File not found O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Fgefizajifoh] C:\Users\Jannik\AppData\Local\asiyulidemawixor.DLL (VoLT, 2010) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [iashsdtc] C:\Users\Jannik\AppData\Local\Temp\LocaStub.DLL () O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [KOO9RV9K4Z] C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Metropolis] C:\Users\Jannik\AppData\Local\Temp\sshnas21.DLL (Borland International) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Rbidog] C:\Users\Jannik\AppData\Local\xULevsb.DLL () O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [SMH2B46TDP] C:\Users\Jannik\AppData\Local\Temp\Cns.exe (Borland International) O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [TOSCDSPD] File not found O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (ZTX) [2010.10.10 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1} [2010.10.09 16:17:43 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows [2010.10.09 16:17:41 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.10.09 16:17:22 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE [2010.10.10 12:21:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.10 00:51:27 | 000,000,120 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Rpixebop.dat [2010.10.10 00:51:27 | 000,000,000 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin [2010.10.09 16:17:59 | 000,000,135 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\asdsada.bat [2010.10.09 16:17:53 | 000,000,020 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\cnmkat.dat :FILES :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten öffne mein computer, c:\_OTL rechtsklick auf moved files und zu moved files.rar oder zip hinzufügen. archiv zu uns hochladen. http://www.trojaner-board.de/54791-a...ner-board.html |
|
10.10.2010, 13:41
| #6 |
| | Google spinnt und leitet teilweise flasch weiter Erstmal das Text-dokument: Code:
ATTFilter All processes killed
========== OTL ==========
Process Cnu.exe killed successfully!
No active process named winhelp.exe was found!
Service TOSHIBA Bluetooth Service stopped successfully!
Service TOSHIBA Bluetooth Service deleted successfully!
File c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service igfx stopped successfully!
Service igfx deleted successfully!
File C:\Windows\System32\DRIVERS\igdkmd32.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FeedBuster deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fgefizajifoh deleted successfully.
C:\Users\Jannik\AppData\Local\asiyulidemawixor.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iashsdtc deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\LocaStub.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\Cnu.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\sshnas21.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Rbidog deleted successfully.
C:\Users\Jannik\AppData\Local\xULevsb.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SMH2B46TDP deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\Cns.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe moved successfully.
C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}\chrome\content folder moved successfully.
C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}\chrome folder moved successfully.
C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1} folder moved successfully.
C:\Users\Public\Documents\Windows folder moved successfully.
C:\Users\Public\Documents\Server folder moved successfully.
C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE folder moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Users\Jannik\AppData\Local\Rpixebop.dat moved successfully.
C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin moved successfully.
C:\Users\Jannik\AppData\Roaming\asdsada.bat moved successfully.
C:\Users\Jannik\AppData\Roaming\cnmkat.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: Default
User: Gast
->Flash cache emptied: 7858 bytes
User: Jannik
->Flash cache emptied: 12523 bytes
User: Public
User: TEMP
User: Twilight
->Flash cache emptied: 3714 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Gast
->Temp folder emptied: 148205 bytes
->Temporary Internet Files folder emptied: 49029120 bytes
->Java cache emptied: 25801315 bytes
->FireFox cache emptied: 73846218 bytes
->Flash cache emptied: 0 bytes
User: Jannik
->Temp folder emptied: 2309086 bytes
->Temporary Internet Files folder emptied: 3283462 bytes
->Java cache emptied: 70852718 bytes
->FireFox cache emptied: 82288242 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: TEMP
User: Twilight
->Temp folder emptied: 572281 bytes
->Temporary Internet Files folder emptied: 5204108 bytes
->FireFox cache emptied: 65920900 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 252352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1392560219 bytes
RecycleBin emptied: 491671490 bytes
Total Files Cleaned = 2.159,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10102010_142543
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Geändert von BlackApe (10.10.2010 um 13:47 Uhr) |
|
10.10.2010, 13:46
| #7 |
| /// Malware-holic | Google spinnt und leitet teilweise flasch weiter bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
10.10.2010, 13:55
| #8 |
| | Google spinnt und leitet teilweise flasch weiter Kann Combofix den PC formatieren oder wie hab ich das zu verstehen?? |
|
10.10.2010, 13:56
| #9 |
| /// Malware-holic | Google spinnt und leitet teilweise flasch weiter ne wie kommst darauf |
|
10.10.2010, 13:58
| #10 |
| | Google spinnt und leitet teilweise flasch weiter Weil da irgendwas steht von Ursprungsumgebung und Die Windows-CD bereithalten. |
|
10.10.2010, 14:00
| #11 |
| /// Malware-holic | Google spinnt und leitet teilweise flasch weiter irgendwas, du musst schon genau lesen was da steht, es geht um die rettungskonsole. natürlich könnte combofix zu problemen führen, dass kann dir aber mit jedem programm, welches du nutzt, passieren. |
|
10.10.2010, 14:40
| #12 |
| | Google spinnt und leitet teilweise flasch weiterCode:
ATTFilter ComboFix 10-10-09.04 - Jannik 10.10.2010 15:30:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2196 [GMT 2:00]
ausgeführt von:: c:\users\Jannik\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\_otl\MovedFiles\10102010_142543\C_Users\Public\Documents\Windows\winhelp.exe
C:\cleansweep.exe
c:\cleansweep.exe\config.bin
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\Gast\AppData\Roaming\BITS
c:\users\Gast\AppData\Roaming\BITS\BITS.ini
c:\users\Gast\AppData\Roaming\BITS\DHTTable.dat
c:\users\Gast\AppData\Roaming\BITS\ProxyList.ini
c:\users\Jannik\AppData\Roaming\avdrn.dat
c:\users\Jannik\AppData\Roaming\BITS
c:\users\Jannik\AppData\Roaming\BITS\BITS.ini
c:\users\Jannik\AppData\Roaming\BITS\DHTTable.dat
c:\users\Jannik\AppData\Roaming\BITS\ProxyList.ini
c:\users\Jannik\AppData\Roaming\BITS\UPnP.ini
c:\users\Jannik\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Jannik\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Jannik\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Jannik\Favorites\mxfilerelatedcache.mxc2
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat
c:\users\Twilight\AppData\Roaming\BITS
c:\users\Twilight\AppData\Roaming\BITS\BITS.ini
c:\users\Twilight\AppData\Roaming\BITS\DHTTable.dat
c:\users\Twilight\AppData\Roaming\BITS\ProxyList.ini
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-10 bis 2010-10-10 ))))))))))))))))))))))))))))))
.
2010-10-10 13:35 . 2010-10-10 13:35 -------- d-----w- c:\users\Jannik\AppData\Local\temp
2010-10-10 12:25 . 2010-10-10 12:44 -------- d-----w- C:\_OTL
2010-10-09 20:49 . 2010-10-09 20:49 -------- d-----w- c:\users\Jannik\AppData\Roaming\Avira
2010-10-09 17:47 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-09 17:47 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-09 17:47 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-09 17:47 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-09 17:47 . 2010-10-09 17:47 -------- d-----w- c:\programdata\Avira
2010-10-09 17:47 . 2010-10-09 17:47 -------- d-----w- c:\program files\Avira
2010-10-09 16:53 . 2010-09-14 23:02 23512 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-10-09 16:53 . 2010-09-14 23:02 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-10-09 10:41 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2010-10-09 10:41 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2010-10-09 10:41 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2010-10-09 10:41 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2010-10-09 10:41 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2010-10-09 10:41 . 2010-10-09 10:41 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2010-10-09 10:41 . 2010-10-09 10:41 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2010-10-08 22:06 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{862699FA-144F-4E4B-92D8-D791B579F746}\mpengine.dll
2010-10-05 16:52 . 2010-10-05 16:52 -------- d--h--w- c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2010-10-05 16:51 . 2010-10-05 16:51 -------- d--h--w- c:\programdata\{B67754EF-0BFC-493C-AD53-F5A9559F1E49}
2010-10-05 16:01 . 2010-10-05 16:01 -------- d-----w- c:\users\Jannik\AppData\Roaming\Alnera
2010-10-03 10:37 . 2010-10-03 12:19 -------- d-----w- c:\users\Gast\VASSAL
2010-10-03 08:30 . 2010-10-03 08:30 -------- d-----w- c:\users\Gast\AppData\Roaming\vlc
2010-10-02 12:25 . 2010-10-02 12:25 -------- d-----w- c:\program files\Trebaxa
2010-09-29 12:44 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-18 10:19 . 2010-09-18 10:19 -------- d-----w- c:\users\Jannik\mods
2010-09-15 14:10 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:10 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:10 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:10 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 17:32 . 2010-09-14 17:32 -------- d-----w- c:\program files\iPod
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ClipIncSrvTray"="c:\program files\Tobit ClipInc\Player\ClipIncTray.exe" [2009-03-16 668424]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-23 203928]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-27 1242448]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-22 133432]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-21 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate1ca0a54c6c8e650;Google Update Service (gupdate1ca0a54c6c8e650);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-26 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - avgntflt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-10-10 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 11:07]
2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 22:44]
2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 22:44]
2010-10-07 c:\windows\Tasks\Norton Security Scan for Jannik.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-13 07:48]
2010-10-10 c:\windows\Tasks\User_Feed_Synchronization-{CA065216-DD17-454D-B3FB-93DA2E515D71}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\Jannik\AppData\Roaming\Mozilla\Firefox\Profiles\t9rhmqzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=8BHxn8ZFdUKHS9Ke.Akwrg&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Jannik\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-Rbidog - c:\users\Jannik\AppData\Local\xULevsb.dll
AddRemove-EvilLyrics - c:\program files\EvilLyrics\uninst.exe
AddRemove-Free 3GP Video Converter_is1 - c:\program files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe
AddRemove-WarFront - c:\program files\EA GAMES\Battlefield 1942\Mods\Uninstal.exe
AddRemove-Who Dares Wins 0.23 client - c:\program files\EA GAMES\Battlefield 1942\Mods\WhoDaresWins\Uninstal.exe
AddRemove-{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1 - c:\program files\Alnera\FeedBuster\unins000.exe
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,58,06,62,2c,fe,71,4c,ef,f1,3f,1e,68,d9,9e,84,53,13,d5,6a,ba,
51,31,19,65,45,8b,78,16,0f,4d,31,42,fe,d6,b7,25,70,b4,d8,f5,4d,de,eb,13,7d,\
"rkeysecu"=hex:60,8d,f5,9f,eb,5f,6e,a9,ad,b5,d3,86,38,ef,d5,af
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-10-10 15:37:06
ComboFix-quarantined-files.txt 2010-10-10 13:37
Vor Suchlauf: 14 Verzeichnis(se), 24.478.322.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 24.269.955.072 Bytes frei
- - End Of File - - 57319E54BB1D2049BAD27F5C8B5EDD08
€: das neue problem hat sich erledigt. Geändert von BlackApe (10.10.2010 um 14:52 Uhr) |
|
10.10.2010, 14:51
| #13 |
| /// Malware-holic | Google spinnt und leitet teilweise flasch weiter starte ihn mal neu. dann weiter hiermit: download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten. |
|
10.10.2010, 15:06
| #14 |
| | Google spinnt und leitet teilweise flasch weiter OK, sag mal wie lange dauert den das noch, so im Durchschnitt?? |
|
10.10.2010, 15:10
| #15 |
| /// Malware-holic | Google spinnt und leitet teilweise flasch weiter keine ahnung, mindestens bis wir fertig sind... aber sieht ja schon mal besser aus. |
|
| Themen zu Google spinnt und leitet teilweise flasch weiter |
| 0 bytes, antivir, antivir guard, avg, avira, bho, bonjour, defender, desktop, ebay, falsche seite, firefox, google, hijack, internet, internet explorer, jar_cache, java-virus, jusched.exe, local\temp, mozilla, notepad.exe, nt.dll, performance, plug-in, problem, prozesse, rundll, saver, server, service pack 1, software, system, trojaner, trojaner gefunden, uleadburninghelper, versteckte objekte, verweise, virus gefunden, vista, windows, zwei trojaner |
Linear-Darstellung
