Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Google spinnt und leitet teilweise flasch weiter

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.10.2010, 23:25   #1
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



Ich habe ein Problem, erstmal ich hab nicht so die Ahnung von PCs. Und dann zum Hauptproblem:

Angefangen hat es damit, dass mir AntiVir und Windows gleichzeitig einen Trojaner meldeten. Also Laptop vom Netz getrennt und Viren-Scan. So zwei Trojaner gefunden und entfernt.
Dann schien alles gut und der PC sauber zu sein.
Dann wieder im Netz und ich merkte das Google mich oft auf falsche Seiten weiterleitete.Dann hab ich mal in die Prozesse geschaut und die WerFault.exe gefunden. Keine Ahnung was das nun wieder ist.
Also noch nen Scan. Nix gefunden.
Also noch mal ab ins Netz, und schaun was es für lösungen gibt. Also hijackthis-Analyse und das ist das Ergebinnis:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:32, on 09.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Public\Documents\Windows\winhelp.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jannik\AppData\Local\Temp\Cnu.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Users\Jannik\Downloads\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [FeedBuster] "C:\Program Files\Alnera\FeedBuster\FeedBuster.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [Rbidog] rundll32.exe "C:\Users\Jannik\AppData\Local\xULevsb.dll",Startup
O4 - HKCU\..\Run: [iashsdtc] rundll32 "C:\Users\Jannik\AppData\Local\Temp\LocaStub.dll",CreateProcessNotify
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Jannik\AppData\Local\Temp\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [SMH2B46TDP] C:\Users\Jannik\AppData\Local\Temp\Cns.exe
O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\Jannik\AppData\Local\Temp\Cnu.exe
O4 - Startup: algdyw32.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - User Startup: winhelp.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Update Service (gupdate1ca0a54c6c8e650) (gupdate1ca0a54c6c8e650) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
--
End of file - 10455 bytes
         
--- --- ---
Und wie gesagt ich kann damit nicht soviel anfangen und würde mich echt freuen wenn ihr mir helfen könntet.

P.S.:Ich lass gerade noch nen Scan nebenher laufen und das Ergebniss werd ich noch posten.

Danke schon mal

BlackApe


Achja ich benutze Firefox und der Scan hat jetzt schon zehn Funde.

Hier die Scan-Ergebnisse
JAVA/Rowindal.A
JAVA/OpenSteam.C
JAVA/2010.0094.E


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 9. Oktober 2010 22:51

Es wird nach 2914708 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : Jannik
Computername : JANNIK-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 20:45:19
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 20:45:24
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 20:45:36
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 20:45:43
VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.2010 20:45:43
VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.2010 20:45:44
VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.2010 20:45:45
VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.2010 20:45:45
VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.2010 20:45:46
VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.2010 20:45:46
VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.2010 20:45:46
VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.2010 20:45:47
VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.2010 20:45:47
VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.2010 20:45:47
VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.2010 20:45:48
VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.2010 20:45:48
VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.2010 20:45:49
VBASE022.VDF : 7.10.12.149 2048 Bytes 07.10.2010 20:45:49
VBASE023.VDF : 7.10.12.150 2048 Bytes 07.10.2010 20:45:49
VBASE024.VDF : 7.10.12.151 2048 Bytes 07.10.2010 20:45:49
VBASE025.VDF : 7.10.12.152 2048 Bytes 07.10.2010 20:45:49
VBASE026.VDF : 7.10.12.153 2048 Bytes 07.10.2010 20:45:49
VBASE027.VDF : 7.10.12.154 2048 Bytes 07.10.2010 20:45:49
VBASE028.VDF : 7.10.12.155 2048 Bytes 07.10.2010 20:45:49
VBASE029.VDF : 7.10.12.156 2048 Bytes 07.10.2010 20:45:50
VBASE030.VDF : 7.10.12.157 2048 Bytes 07.10.2010 20:45:50
VBASE031.VDF : 7.10.12.167 75776 Bytes 08.10.2010 20:45:50
Engineversion : 8.2.4.72
AEVDF.DLL : 8.1.2.1 106868 Bytes 09.10.2010 20:46:01
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 09.10.2010 20:46:01
AESCN.DLL : 8.1.6.1 127347 Bytes 09.10.2010 20:46:00
AESBX.DLL : 8.1.3.1 254324 Bytes 09.10.2010 20:46:02
AERDL.DLL : 8.1.9.2 635252 Bytes 09.10.2010 20:46:00
AEPACK.DLL : 8.2.3.7 471413 Bytes 09.10.2010 20:45:59
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 09.10.2010 20:45:59
AEHEUR.DLL : 8.1.2.30 2941303 Bytes 09.10.2010 20:45:59
AEHELP.DLL : 8.1.13.4 242038 Bytes 09.10.2010 20:45:56
AEGEN.DLL : 8.1.3.23 401779 Bytes 09.10.2010 20:45:56
AEEMU.DLL : 8.1.2.0 393588 Bytes 09.10.2010 20:45:56
AECORE.DLL : 8.1.17.0 196982 Bytes 09.10.2010 20:45:55
AEBB.DLL : 8.1.1.0 53618 Bytes 09.10.2010 20:45:54
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Samstag, 9. Oktober 2010 22:51

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\SecuROM\License information\datasecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\SecuROM\License information\rkeysecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
c:\program files\mozilla firefox\firefox.exe
c:\Program Files\Mozilla Firefox\firefox.exe
[HINWEIS] Der Prozess ist nicht sichtbar.
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\firefox.exe
c:\users\jannik\appdata\local\temp\cnu.exe
c:\Users\Jannik\AppData\Local\Temp\Cnu.exe
[HINWEIS] Der Prozess ist nicht sichtbar.
c:\users\jannik\appdata\local\temp\cnu.exe
c:\users\jannik\appdata\local\temp\cnu.exe
c:\program files\adobe\reader 8.0\reader\acrord32.exe
c:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
[HINWEIS] Der Prozess ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'wmiprvse.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'NOTEPAD.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'avnotify.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Cnu.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'winhelp.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOSCDSPD.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartFaceVWatchSrv.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'TUProgSt.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosIPCSrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TNaviSrv.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TempoSVC.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindServiceAE.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTDevSrv.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ClipInc-Server.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1814' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Vista>
C:\Users\Jannik\AppData\Local\Temp\jar_cache282714241942448680.tmp
[0] Archivtyp: ZIP
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.A
--> Exploit.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.A
--> PayloadCreater.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.C
--> PayloadClassLoader.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.B
--> Payloader.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.D
--> payload.ser
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.E
C:\Users\Jannik\AppData\Local\Temp\jar_cache4805804730922064940.tmp
[0] Archivtyp: ZIP
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnecti.A
--> cpak/Crimepack$1.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnecti.A
--> cpak/Crimepack.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenStream.C
C:\Users\Jannik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\aff9319-54dca3f0
[0] Archivtyp: ZIP
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.abj
--> U_kM5y.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.abj
--> uz_gJ_h.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Remote.B
--> VjDDB__QuwE.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.A
Beginne mit der Suche in 'E:\' <Musik>

Beginne mit der Desinfektion:
C:\Users\Jannik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\aff9319-54dca3f0
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.A
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4845547c.qua' verschoben!
C:\Users\Jannik\AppData\Local\Temp\jar_cache4805804730922064940.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenStream.C
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50e67bde.qua' verschoben!
C:\Users\Jannik\AppData\Local\Temp\jar_cache282714241942448680.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/CV-2010-0094.E
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '02b92136.qua' verschoben!


Ende des Suchlaufs: Sonntag, 10. Oktober 2010 00:45
Benötigte Zeit: 1:48:17 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

32294 Verzeichnisse wurden überprüft
566861 Dateien wurden geprüft
10 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
566851 Dateien ohne Befall
7523 Archive wurden durchsucht
0 Warnungen
3 Hinweise
639028 Objekte wurden beim Rootkitscan durchsucht
9 Versteckte Objekte wurden gefunden

Alt 10.10.2010, 12:00   #2
markusg
/// Malware-holic
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.
__________________


Alt 10.10.2010, 13:06   #3
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



EXTRA.txt
Code:
ATTFilter
OTL Extras logfile created on: 10.10.2010 12:16:36 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Jannik\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 21,52 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147,73 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JANNIK-PC
Current User Name: Jannik
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat  0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat  0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat  0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E18D23-B117-420D-B2AA-F0B15CE8F0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{11FD7180-B364-4920-BAF5-FF2B5F8F6F18}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30BB41C1-F3AC-4E73-9747-87986FE0F5EB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{31C6A118-F841-48EF-AEC5-66534B047769}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5468F44B-DEDB-49DB-AFA2-C3801CD961D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A4BF644-EAE3-4B65-AD9F-B2C4D32C683B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{68DE4D5A-F888-42CD-8AC4-AA26D00358ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75D4AD02-B6CD-4003-B7E4-8C76A0F9934F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7AB52312-C8BC-4CDD-A638-88A2666983E1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7FC26710-E40A-470D-9046-F20842041F29}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8F9E89D3-6F2C-4463-9A74-A26ADE57FB1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{95D86AA1-38EE-45A6-8AA5-DF5CC1AF2BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{991D8CC6-AAF4-4D12-8475-3493676BDEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C2CC400-F76F-4EA7-9066-EA97F2737E75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0E78096-8642-4D21-9435-252332C6351F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C284BDDD-9DFD-4540-8E18-FF1C4F912062}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C5EA56C9-2B59-4E2E-A8E7-1E5E48CB9D64}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E3E8AC8D-917C-4F57-8335-E0670A2B9CDC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ED325330-952D-41C8-A50A-657F1CA5473C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F1D4C065-3078-4272-84FA-2689F693405F}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B102-81CB-48C8-9315-3C28F919B104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{098D2C73-49A3-4195-B58A-A10E133D5DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0B3C0EA7-7125-4A45-8F0D-D2084A72733A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{0BB98C35-A35F-4E13-8076-4BDE63A708DA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1136537E-527E-46EB-9522-1B6B30DFB42F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{249BAED9-C347-49A8-9FAC-C78DC051B339}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{26A24B84-EBA8-4029-9436-1A8DB6AE25ED}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{28F158F0-71BF-44BC-AB72-BDEBD468F8EF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2F158077-2CD2-40F7-9FE7-60B0C339184B}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{33914B44-3532-4D87-A548-7542158CB99C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{37E16456-39D5-4EE5-9363-DFB4433B66BD}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{39BE2E97-BCB6-44EB-9EB2-2BE1DBD8EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{3DD81C62-6485-4A67-9ACC-206A72F2343F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{4DB4F8F4-F239-40F0-A2BA-F2C49F310E6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5753487A-8836-4986-A7AD-108718A28F6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5763CB4F-048E-4EA2-9041-FE0101E83E6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5ADF5357-D0EE-4D42-BBF6-438F4A607356}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5D7EEA5B-E701-44CC-98F0-4289704A3FAA}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{60AAF55F-D477-43D4-A752-E687605595DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{62D15BBA-8E39-4885-B085-4A08D5A06031}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6366DA10-BD9A-486F-AADE-D5C069C69346}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{69DE9FFB-82DA-4AFA-95B4-5BFA6C3AB567}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe | 
"{73A1FDE1-7CE7-46E6-9C04-CD12C4C2BDAD}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{744CE7F9-3DDA-4C59-9A42-37D84E99E398}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7B7F4273-EA7F-4B46-A0D8-5EB2D2E4A241}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{852915A8-71FA-4982-97EE-1C942F65A9F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{86F6D358-8E56-48F6-850B-3258190F8C47}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{8CAA9AD7-99D1-4FD8-AD41-3BCE4FC92D54}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{95849A7E-8736-4112-A6A9-E1A9B39A05B1}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe | 
"{9E9A96F1-5E9D-4F51-9151-50E13C29C6CE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{A9AD2DF9-E2D9-460F-90FF-A2F0703BE9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AC119DAC-9164-40BE-B24F-123E01988D73}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{B478A473-5891-4E9D-974B-69E9461B692D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B54CF880-F914-4C78-9651-76D3BC44D402}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B7510037-A5A2-4B8D-97C0-8B42349AD566}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{B96125F3-7192-401C-83A7-0934C6A80B59}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{C00D1237-D8E9-4225-ACD5-E32F8A20EFDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C20D6BBE-EC82-4412-9049-F1F0C9BA98A5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C36E9A4D-7CFE-4AC0-AD04-0FE2BACDA35D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{C552EF17-F71D-4F03-8B11-3A7140272913}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{D36066CC-E823-482E-A0A1-8B024E658644}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DB209344-9F86-422C-984C-8F2A4EA86266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E3236227-6349-4499-BC62-EE7CA7FB17C1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{F03EE435-0702-4725-A89B-390425D8E6D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{F7B54195-37CA-483D-872A-80AC01D037E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FEBC2869-29D8-4F58-852D-02F27DCB0BE5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"TCP Query User{0EE7C6F4-1C18-46DF-A626-F336DC6E351A}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{0F037392-DF67-4849-AD0C-309E09C698E2}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{12E31B69-1BB9-4A93-B422-116042E91493}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{189CC8B8-883C-4240-8005-E6B10B6418DC}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{4AB6E21C-F281-431C-BEA6-6FD8EFE60A79}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{696E141B-FD93-44AA-8E65-9EB39797EA23}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{73A13397-0680-4065-9A51-BF36A247A4E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7909A2B3-1A31-4565-BD13-C8014159FB2F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{98E82FA0-08BC-4EDA-BED3-3A3725C7CF96}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{9DED8B6F-18D5-4B1E-99F2-7B0BEF2621EB}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{B624E298-7DEF-4F0B-A03B-05CBC2554BC4}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{BF15C617-40DD-4799-8164-E7349A85E2D4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{C4FE7027-A678-4E8D-BF94-7F366DCA174E}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{E4DBCB24-EFB6-4C9E-BB6E-B0F15B477DF3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{EBF0AE70-1C06-4365-A25D-E25075C9A93F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{13DA6640-6F3C-4A98-B014-CFA3AA69A570}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{1B50EE0D-AC29-4B00-8CD4-0B8EECA50822}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{3157920F-5E9C-4714-9ED3-B5D556BDD7DA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{46C60F83-6462-4331-AEF9-6FC8D47FB676}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{47682FE7-6A73-4F99-A937-970D83423898}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{5900A245-90B4-4200-8F03-D961DD09B0E3}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{87663C13-BE00-4C27-9F7D-BACC9CF557A4}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{99D7087C-EFFF-4DB1-AD57-85921ADFB2ED}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{9F42E51F-1B95-464F-8050-D2519822F742}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{AAAD537B-A4D2-491C-913E-A4F4F273DCD6}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{B8BB07A7-6FB9-416E-8A29-17619E74DB2B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{D55954F3-1D13-4083-8E83-488F1FA57CB9}C:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{D8361BEE-BB7B-4620-B75C-2BDA7F0AAA87}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{F0EF7D23-4146-41A1-94C1-C019A45111EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{F8E2F372-2DAC-42F3-8A28-45E957CEB644}C:\program files\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1" = Alnera FeedBuster
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77174991-16BF-4302-9B7D-84D95F4D8C5E}_is1" = BodyTrainer
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Counter-Strike:Source_is1" = CSS v.1.0.0.34
"DesertCombat" = DesertCombat  0.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DOW RDN Tools_is1" = DOW RDN Tools
"EvilLyrics" = EvilLyrics
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"KraiSoft Games Launcher" = KraiSoft Games Launcher
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monoface" = monoface XXXX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"QuickTime 3.0" = QuickTime 3.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"save2pc Converter_is1" = save2pc Converter 3.45
"SoundTap" = SoundTap Streaming Audio Recorder
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Typograf" = Typograf4.8f
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Vampire Editor" = Vampire Editor
"VASSAL (3.1.13)" = VASSAL (3.1.13)
"vcmm" = Vice City Mod Manager
"VLC media player" = VLC media player 0.9.9
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WarFront" = WarFront
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"Who Dares Wins 0.23 client" = Who Dares Wins 0.23 client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YDKJG" = YOU DON'T KNOW JACK®
"ZENcast Organizer" = ZENcast Organizer
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"589ae65f544e918e" = Stabi-Checker
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Move Media Player" = Move Media Player
"OnlineCodex" = OnlineCodex
"OnlineCodex WHFB" = OnlineCodex WHFB
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
__________________

Alt 10.10.2010, 13:07   #4
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



OTL.txt
Code:
ATTFilter
OTL logfile created on: 10.10.2010 12:16:36 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Jannik\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 21,52 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147,73 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JANNIK-PC
Current User Name: Jannik
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jannik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International)
PRC - C:\Users\Public\Documents\Windows\winhelp.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jannik\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (CTDevice_Srv) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}:1.9.1
FF - prefs.js..extensions.enabledItems: {a3f3e150-ef43-11de-8a39-0800200c9a66}:3.6
FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=8BHxn8ZFdUKHS9Ke.Akwrg&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.09 18:53:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.09 18:53:28 | 000,000,000 | ---D | M]
 
[2009.04.11 16:08:13 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\mozilla\Extensions
[2010.10.10 12:12:55 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions
[2010.06.25 10:45:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.07 00:29:41 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}
[2010.06.25 10:45:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.06.25 10:45:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.19 18:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\anttoolbar@ant.com
[2010.07.07 00:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010.07.07 00:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.07.07 00:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010.07.07 00:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jannik\AppData\Roaming\mozilla\Firefox\Profiles\t9rhmqzv.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2010.03.23 16:36:14 | 000,001,967 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\ardapedia-de.xml
[2010.10.09 23:00:52 | 000,002,122 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\chip-online-suche.xml
[2009.04.13 14:52:59 | 000,002,665 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\collectr.xml
[2010.10.09 12:00:02 | 000,001,056 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\icqplugin.xml
[2010.04.18 10:17:00 | 000,003,181 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\kinoto.xml
[2009.11.24 19:07:22 | 000,007,212 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\lexicanum-de.xml
[2009.09.17 22:16:42 | 000,002,037 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\simpsonspedia-deutsch.xml
[2009.05.10 00:22:43 | 000,001,194 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\stupidedia-de.xml
[2009.10.31 12:32:07 | 000,002,639 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\wiki-aventurica-de.xml
[2009.04.14 21:21:04 | 000,000,945 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Mozilla\FireFox\Profiles\t9rhmqzv.default\searchplugins\youtube-videosuche.xml
[2010.10.09 18:53:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.04.11 22:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [FeedBuster] C:\Program Files\Alnera\FeedBuster\FeedBuster.exe File not found
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Fgefizajifoh] C:\Users\Jannik\AppData\Local\asiyulidemawixor.DLL (VoLT, 2010)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [iashsdtc] C:\Users\Jannik\AppData\Local\Temp\LocaStub.DLL ()
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [KOO9RV9K4Z] C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Metropolis] C:\Users\Jannik\AppData\Local\Temp\sshnas21.DLL (Borland International)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Rbidog] C:\Users\Jannik\AppData\Local\xULevsb.DLL ()
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [SMH2B46TDP] C:\Users\Jannik\AppData\Local\Temp\Cns.exe (Borland International)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [TOSCDSPD]  File not found
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (ZTX)
O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE File not found
O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8c6a3876-cbb3-11de-8a4b-001e339de0ee}\Shell\AutoRun\command - "" = programm.exe
O33 - MountPoints2\{b9938341-7449-11de-a4f3-001e339de0ee}\Shell - "" = Autorun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.10 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}
[2010.10.09 22:49:37 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\Avira
[2010.10.09 19:47:59 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.09 19:47:59 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.09 19:47:59 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.09 19:47:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.09 19:47:59 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.09 19:47:58 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.09 19:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.09 16:17:43 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.10.09 16:17:41 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.09 16:17:22 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE
[2010.10.05 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\Jannik\Documents\ZENcast
[2010.10.05 18:52:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2010.10.05 18:51:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B67754EF-0BFC-493C-AD53-F5A9559F1E49}
[2010.10.05 18:01:00 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\Alnera
[2010.10.02 14:25:57 | 000,000,000 | ---D | C] -- C:\Programme\Trebaxa
[2010.09.29 14:44:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.22 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Jannik\Desktop\Bodybuilding
[2010.09.18 12:19:57 | 000,000,000 | ---D | C] -- C:\Users\Jannik\mods
[2010.09.15 16:10:22 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.14 19:32:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.09.12 17:35:27 | 000,000,000 | ---D | C] -- C:\Users\Jannik\Desktop\video
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.01.21 04:24:21 | 000,197,120 | ---- | C] (VoLT, 2010) -- C:\Users\Jannik\AppData\Local\asiyulidemawixor.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.10 12:21:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.10 12:21:02 | 002,621,440 | -HS- | M] () -- C:\Users\Jannik\ntuser.dat
[2010.10.10 12:21:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.10 12:19:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CA065216-DD17-454D-B3FB-93DA2E515D71}.job
[2010.10.10 12:11:54 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.10 12:10:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.10 12:10:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.10 12:10:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.10 00:51:27 | 000,000,120 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Rpixebop.dat
[2010.10.10 00:51:27 | 000,000,000 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin
[2010.10.09 20:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.09 19:48:02 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.09 19:00:16 | 001,447,792 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.09 19:00:16 | 000,628,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.09 19:00:16 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.09 19:00:16 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.09 19:00:16 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.09 18:55:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.09 18:55:50 | 3219,120,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.09 18:54:03 | 000,524,288 | -HS- | M] () -- C:\Users\Jannik\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.10.09 18:54:03 | 000,065,536 | -HS- | M] () -- C:\Users\Jannik\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.09 18:54:00 | 002,831,688 | -H-- | M] () -- C:\Users\Jannik\AppData\Local\IconCache.db
[2010.10.09 18:53:29 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.09 16:17:59 | 000,000,135 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\asdsada.bat
[2010.10.09 16:17:53 | 000,000,020 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\cnmkat.dat
[2010.10.09 16:17:49 | 000,000,004 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\avdrn.dat
[2010.10.07 20:18:58 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jannik.job
[2010.09.23 16:11:17 | 000,019,132 | ---- | M] () -- C:\Users\Jannik\Documents\KursfahrtAnmeldung.pdf
[2010.09.21 18:13:16 | 000,937,018 | ---- | M] () -- C:\Users\Jannik\Desktop\14.gif
[2010.09.19 00:53:00 | 000,037,330 | ---- | M] () -- C:\Users\Jannik\helden.zip.hld
[2010.09.19 00:53:00 | 000,005,628 | ---- | M] () -- C:\Users\Jannik\.heldEinstellungen4_1.xml
[2010.09.19 00:42:37 | 000,034,462 | ---- | M] () -- C:\Users\Jannik\helden.zip.hld.ok
[2010.09.19 00:42:35 | 000,000,240 | ---- | M] () -- C:\Users\Jannik\.dsa4.properties
[2010.09.16 16:32:08 | 000,200,192 | ---- | M] () -- C:\Users\Jannik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.10 00:51:27 | 000,000,120 | ---- | C] () -- C:\Users\Jannik\AppData\Local\Rpixebop.dat
[2010.10.10 00:51:27 | 000,000,000 | ---- | C] () -- C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin
[2010.10.09 22:58:44 | 000,010,457 | ---- | C] () -- C:\Users\Jannik\hijackthis.log
[2010.10.09 19:48:02 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.09 18:53:29 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.09 16:18:12 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.09 16:17:59 | 000,000,135 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\asdsada.bat
[2010.10.09 16:17:52 | 000,000,020 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\cnmkat.dat
[2010.10.09 16:17:49 | 000,000,004 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\avdrn.dat
[2010.09.23 16:11:17 | 000,019,132 | ---- | C] () -- C:\Users\Jannik\Documents\KursfahrtAnmeldung.pdf
[2010.09.21 18:13:15 | 000,937,018 | ---- | C] () -- C:\Users\Jannik\Desktop\14.gif
[2010.05.09 13:18:37 | 000,027,136 | ---- | C] () -- C:\Windows\System32\QTUninst.dll
[2010.01.26 21:52:36 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.17 20:01:51 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.09 13:41:42 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.10.09 13:41:42 | 000,139,152 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\PnkBstrK.sys
[2009.10.07 14:51:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.10.07 14:49:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.06.21 15:43:39 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2009.06.21 15:43:39 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2009.05.30 17:19:02 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.05.30 17:19:02 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.05.30 17:19:02 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.05.30 17:09:46 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.05.21 18:45:12 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.05.04 17:32:26 | 000,000,094 | ---- | C] () -- C:\Users\Jannik\AppData\Local\fusioncache.dat
[2009.04.24 19:43:09 | 000,007,052 | ---- | C] () -- C:\Users\Jannik\AppData\Local\d3d9caps.dat
[2009.04.21 14:16:01 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.04.15 09:28:37 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.04.13 12:48:34 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.04.11 21:10:40 | 000,000,016 | -H-- | C] () -- C:\Users\Jannik\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.04.11 21:10:40 | 000,000,016 | -H-- | C] () -- C:\Users\Jannik\AppData\Local\mxfilerelatedcache.mxc2
[2009.04.11 20:36:05 | 000,000,176 | ---- | C] () -- C:\Users\Jannik\AppData\Roaming\wklnhst.dat
[2009.04.11 17:46:31 | 000,200,192 | ---- | C] () -- C:\Users\Jannik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2008.08.04 12:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.07.03 11:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.07.03 11:27:11 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.07.03 11:17:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.07.03 11:17:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.07.03 11:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.07.03 11:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.07.03 11:17:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.07.03 11:17:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.07.03 10:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.03 09:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 04:24:21 | 000,080,384 | ---- | C] () -- C:\Users\Jannik\AppData\Local\xULevsb.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2000.02.10 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2009.05.23 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BITS
[2010.10.09 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE
[2010.10.05 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Alnera
[2009.04.13 12:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Any Video Converter Professional
[2009.06.06 18:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Ashampoo
[2009.09.01 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\BITS
[2010.01.26 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\DAEMON Tools Lite
[2010.06.16 20:20:24 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\gtk-2.0
[2010.10.09 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\ICQ
[2010.04.23 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Leadertech
[2009.09.23 18:11:14 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\LiveCAD2
[2009.04.18 23:34:46 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Magic Set Editor
[2009.10.07 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\MAGIX
[2010.03.23 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.04.13 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2009.09.14 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.04.12 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\My Battle for Middle-earth Files
[2009.04.11 16:35:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\myphotobook
[2009.10.11 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\NCH Swift Sound
[2009.04.21 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\OpenOffice.org
[2009.09.26 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Template
[2009.05.21 18:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Tobit
[2009.04.29 21:42:44 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Toshiba
[2009.11.05 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\TuneUp Software
[2009.04.21 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Typograf
[2010.05.08 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Uniblue
[2010.08.20 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Unity
[2009.07.29 15:20:41 | 000,000,000 | ---D | M] -- C:\Users\Twilight\AppData\Roaming\BITS
[2009.06.20 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Twilight\AppData\Roaming\ICQ
[2010.10.10 12:11:54 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.10.09 18:54:04 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.10 12:19:59 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CA065216-DD17-454D-B3FB-93DA2E515D71}.job
[2010.10.10 12:21:02 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.09 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE
[2009.04.11 16:15:09 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Adobe
[2010.10.05 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Alnera
[2009.04.13 12:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Any Video Converter Professional
[2010.09.16 16:26:02 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Apple Computer
[2009.06.06 18:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Ashampoo
[2009.04.11 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\ATI
[2010.10.09 22:49:37 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Avira
[2009.04.13 12:13:51 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\AVS4YOU
[2009.09.01 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\BITS
[2010.05.12 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Creative
[2010.01.26 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\DAEMON Tools Lite
[2009.04.25 10:11:08 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\DivX
[2010.09.28 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\dvdcss
[2010.05.19 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\FastStone
[2009.04.11 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Google
[2010.06.16 20:20:24 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\gtk-2.0
[2010.10.09 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\ICQ
[2009.04.11 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Identities
[2009.04.11 14:06:54 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\InstallShield
[2010.06.26 15:34:22 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\InstallShield Installation Information
[2010.04.23 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Leadertech
[2009.09.23 18:11:14 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\LiveCAD2
[2009.04.11 16:15:09 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Macromedia
[2009.04.18 23:34:46 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Magic Set Editor
[2009.10.07 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\MAGIX
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Media Center Programs
[2010.03.23 13:36:50 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.04.13 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2009.09.14 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.11.17 16:36:12 | 000,000,000 | --SD | M] -- C:\Users\Jannik\AppData\Roaming\Microsoft
[2010.04.09 07:59:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Move Networks
[2009.04.11 16:08:13 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Mozilla
[2009.04.12 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\My Battle for Middle-earth Files
[2009.04.11 16:35:20 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\myphotobook
[2009.11.17 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\NCH Software
[2009.10.11 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\NCH Swift Sound
[2009.04.21 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\OpenOffice.org
[2009.10.08 18:56:30 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\SecuROM
[2009.09.26 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Template
[2009.05.21 18:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Tobit
[2009.04.29 21:42:44 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Toshiba
[2009.11.05 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\TuneUp Software
[2009.04.21 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Typograf
[2010.05.08 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Uniblue
[2010.08.20 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Unity
[2009.04.13 12:12:11 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\vlc
[2009.04.19 11:33:17 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.26 14:48:03 | 000,331,776 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
[2010.05.07 19:08:25 | 000,006,144 | R--- | M] () -- C:\Users\Jannik\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
[2010.05.07 19:08:25 | 000,011,264 | R--- | M] () -- C:\Users\Jannik\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
[2010.05.07 19:08:25 | 000,008,192 | R--- | M] () -- C:\Users\Jannik\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
[2008.01.21 04:23:50 | 000,037,376 | R-S- | M] (ZTX) -- C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe
[2010.04.09 07:59:26 | 000,144,053 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2007.01.01 18:01:25 | 000,009,728 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\localVista.exe
[2007.01.08 10:34:46 | 000,006,656 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\localXP.exe
[2006.12.21 13:16:20 | 000,021,504 | ---- | M] (Optimum X) -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\shellExecute.exe
[2006.12.21 13:16:15 | 000,009,216 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\myphotobook\xtras\sleep.exe
[2008.02.13 09:07:36 | 000,405,504 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\aacdec2\aacdec2.exe
[2008.02.13 09:07:36 | 000,393,216 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
[2007.10.04 11:32:50 | 000,299,008 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\amrenc2\amrenc2.exe
[2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
 
< %SYSTEMDRIVE%\*.exe >
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.01.26 21:52:37 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >
         
hier bitte

Alt 10.10.2010, 14:15   #5
markusg
/// Malware-holic
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



• Starte bitte die OTL.exe.
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International)
PRC - C:\Users\Public\Documents\Windows\winhelp.exe ()
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
O2 - BHO: (no name) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No CLSID value found
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [FeedBuster] C:\Program Files\Alnera\FeedBuster\FeedBuster.exe File not found
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Fgefizajifoh] C:\Users\Jannik\AppData\Local\asiyulidemawixor.DLL (VoLT, 2010)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [iashsdtc] C:\Users\Jannik\AppData\Local\Temp\LocaStub.DLL ()
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [KOO9RV9K4Z] C:\Users\Jannik\AppData\Local\Temp\Cnu.exe (Borland International)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Metropolis] C:\Users\Jannik\AppData\Local\Temp\sshnas21.DLL (Borland International)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [Rbidog] C:\Users\Jannik\AppData\Local\xULevsb.DLL ()
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [SMH2B46TDP] C:\Users\Jannik\AppData\Local\Temp\Cns.exe (Borland International)
O4 - HKU\S-1-5-21-3022767743-2744068324-2558049244-1000..\Run: [TOSCDSPD] File not found
O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe (ZTX)
[2010.10.10 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}
[2010.10.09 16:17:43 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.10.09 16:17:41 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.09 16:17:22 | 000,000,000 | ---D | C] -- C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE
[2010.10.10 12:21:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.10 00:51:27 | 000,000,120 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Rpixebop.dat
[2010.10.10 00:51:27 | 000,000,000 | ---- | M] () -- C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin
[2010.10.09 16:17:59 | 000,000,135 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\asdsada.bat
[2010.10.09 16:17:53 | 000,000,020 | ---- | M] () -- C:\Users\Jannik\AppData\Roaming\cnmkat.dat
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten


öffne mein computer, c:\_OTL rechtsklick auf moved files und zu moved files.rar oder zip hinzufügen.
archiv zu uns hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html


Alt 10.10.2010, 14:41   #6
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



Erstmal das Text-dokument:

Code:
ATTFilter
All processes killed
========== OTL ==========
Process Cnu.exe killed successfully!
No active process named winhelp.exe was found!
Service TOSHIBA Bluetooth Service stopped successfully!
Service TOSHIBA Bluetooth Service deleted successfully!
File  c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service igfx stopped successfully!
Service igfx deleted successfully!
File  C:\Windows\System32\DRIVERS\igdkmd32.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FeedBuster deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fgefizajifoh deleted successfully.
C:\Users\Jannik\AppData\Local\asiyulidemawixor.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iashsdtc deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\LocaStub.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\Cnu.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\sshnas21.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Rbidog deleted successfully.
C:\Users\Jannik\AppData\Local\xULevsb.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SMH2B46TDP deleted successfully.
C:\Users\Jannik\AppData\Local\Temp\Cns.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\algdyw32.exe moved successfully.
C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}\chrome\content folder moved successfully.
C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1}\chrome folder moved successfully.
C:\Users\Jannik\AppData\Local\{A4F55CF6-A86B-4881-8EAF-1B8B33A96DB1} folder moved successfully.
C:\Users\Public\Documents\Windows folder moved successfully.
C:\Users\Public\Documents\Server folder moved successfully.
C:\Users\Jannik\AppData\Roaming\22ED443D220FA022E648BB15A2D6E3BE folder moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Users\Jannik\AppData\Local\Rpixebop.dat moved successfully.
C:\Users\Jannik\AppData\Local\Gpejumokabadebir.bin moved successfully.
C:\Users\Jannik\AppData\Roaming\asdsada.bat moved successfully.
C:\Users\Jannik\AppData\Roaming\cnmkat.dat moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Default
 
User: Gast
->Flash cache emptied: 7858 bytes
 
User: Jannik
->Flash cache emptied: 12523 bytes
 
User: Public
 
User: TEMP
 
User: Twilight
->Flash cache emptied: 3714 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 148205 bytes
->Temporary Internet Files folder emptied: 49029120 bytes
->Java cache emptied: 25801315 bytes
->FireFox cache emptied: 73846218 bytes
->Flash cache emptied: 0 bytes
 
User: Jannik
->Temp folder emptied: 2309086 bytes
->Temporary Internet Files folder emptied: 3283462 bytes
->Java cache emptied: 70852718 bytes
->FireFox cache emptied: 82288242 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
 
User: Twilight
->Temp folder emptied: 572281 bytes
->Temporary Internet Files folder emptied: 5204108 bytes
->FireFox cache emptied: 65920900 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 252352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1392560219 bytes
RecycleBin emptied: 491671490 bytes
 
Total Files Cleaned = 2.159,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 10102010_142543

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Wie lange dauert es so bis der Upload da ist??

Geändert von BlackApe (10.10.2010 um 14:47 Uhr)

Alt 10.10.2010, 14:46   #7
markusg
/// Malware-holic
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Alt 10.10.2010, 14:55   #8
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



Kann Combofix den PC formatieren oder wie hab ich das zu verstehen??

Alt 10.10.2010, 14:56   #9
markusg
/// Malware-holic
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



ne wie kommst darauf

Alt 10.10.2010, 14:58   #10
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



Weil da irgendwas steht von Ursprungsumgebung und Die Windows-CD bereithalten.

Alt 10.10.2010, 15:00   #11
markusg
/// Malware-holic
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



irgendwas, du musst schon genau lesen was da steht, es geht um die rettungskonsole. natürlich könnte combofix zu problemen führen, dass kann dir aber mit jedem programm, welches du nutzt, passieren.

Alt 10.10.2010, 15:40   #12
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



Code:
ATTFilter
ComboFix 10-10-09.04 - Jannik 10.10.2010  15:30:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.2196 [GMT 2:00]
ausgeführt von:: c:\users\Jannik\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\_otl\MovedFiles\10102010_142543\C_Users\Public\Documents\Windows\winhelp.exe
C:\cleansweep.exe
c:\cleansweep.exe\config.bin
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\Gast\AppData\Roaming\BITS
c:\users\Gast\AppData\Roaming\BITS\BITS.ini
c:\users\Gast\AppData\Roaming\BITS\DHTTable.dat
c:\users\Gast\AppData\Roaming\BITS\ProxyList.ini
c:\users\Jannik\AppData\Roaming\avdrn.dat
c:\users\Jannik\AppData\Roaming\BITS
c:\users\Jannik\AppData\Roaming\BITS\BITS.ini
c:\users\Jannik\AppData\Roaming\BITS\DHTTable.dat
c:\users\Jannik\AppData\Roaming\BITS\ProxyList.ini
c:\users\Jannik\AppData\Roaming\BITS\UPnP.ini
c:\users\Jannik\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Jannik\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Jannik\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Jannik\Favorites\mxfilerelatedcache.mxc2
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat
c:\users\Twilight\AppData\Roaming\BITS
c:\users\Twilight\AppData\Roaming\BITS\BITS.ini
c:\users\Twilight\AppData\Roaming\BITS\DHTTable.dat
c:\users\Twilight\AppData\Roaming\BITS\ProxyList.ini

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-10 bis 2010-10-10  ))))))))))))))))))))))))))))))
.

2010-10-10 13:35 . 2010-10-10 13:35    --------    d-----w-    c:\users\Jannik\AppData\Local\temp
2010-10-10 12:25 . 2010-10-10 12:44    --------    d-----w-    C:\_OTL
2010-10-09 20:49 . 2010-10-09 20:49    --------    d-----w-    c:\users\Jannik\AppData\Roaming\Avira
2010-10-09 17:47 . 2010-03-01 08:05    124784    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-10-09 17:47 . 2010-02-16 12:24    60936    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-10-09 17:47 . 2009-05-11 10:49    51992    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-10-09 17:47 . 2009-05-11 10:49    17016    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-10-09 17:47 . 2010-10-09 17:47    --------    d-----w-    c:\programdata\Avira
2010-10-09 17:47 . 2010-10-09 17:47    --------    d-----w-    c:\program files\Avira
2010-10-09 16:53 . 2010-09-14 23:02    23512    ----a-w-    c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-10-09 16:53 . 2010-09-14 23:02    138712    ----a-w-    c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-10-09 10:41 . 2003-09-03 00:28    724992    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2010-10-09 10:41 . 2003-09-03 00:27    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2010-10-09 10:41 . 2003-09-03 00:26    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2010-10-09 10:41 . 2003-09-03 00:26    192512    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2010-10-09 10:41 . 2003-09-03 00:25    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2010-10-09 10:41 . 2010-10-09 10:41    311428    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2010-10-09 10:41 . 2010-10-09 10:41    184452    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2010-10-08 22:06 . 2010-09-09 22:52    6084944    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{862699FA-144F-4E4B-92D8-D791B579F746}\mpengine.dll
2010-10-05 16:52 . 2010-10-05 16:52    --------    d--h--w-    c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2010-10-05 16:51 . 2010-10-05 16:51    --------    d--h--w-    c:\programdata\{B67754EF-0BFC-493C-AD53-F5A9559F1E49}
2010-10-05 16:01 . 2010-10-05 16:01    --------    d-----w-    c:\users\Jannik\AppData\Roaming\Alnera
2010-10-03 10:37 . 2010-10-03 12:19    --------    d-----w-    c:\users\Gast\VASSAL
2010-10-03 08:30 . 2010-10-03 08:30    --------    d-----w-    c:\users\Gast\AppData\Roaming\vlc
2010-10-02 12:25 . 2010-10-02 12:25    --------    d-----w-    c:\program files\Trebaxa
2010-09-29 12:44 . 2010-06-22 12:57    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-09-18 10:19 . 2010-09-18 10:19    --------    d-----w-    c:\users\Jannik\mods
2010-09-15 14:10 . 2010-04-16 16:10    501760    ----a-w-    c:\windows\system32\usp10.dll
2010-09-15 14:10 . 2010-08-17 13:32    126464    ----a-w-    c:\windows\system32\spoolsv.exe
2010-09-15 14:10 . 2010-04-05 16:08    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:10 . 2010-05-27 19:16    738816    ----a-w-    c:\windows\system32\inetcomm.dll
2010-09-14 17:32 . 2010-09-14 17:32    --------    d-----w-    c:\program files\iPod

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 20:24 . 2009-04-15 20:24    1044480    ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24    200704    ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06    163328    --sh--r-    c:\windows\System32\flvDX.dll
2007-02-21 10:47    31232    --sh--r-    c:\windows\System32\msfDX.dll
2008-03-16 12:30    216064    --sh--r-    c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ClipIncSrvTray"="c:\program files\Tobit ClipInc\Player\ClipIncTray.exe" [2009-03-16 668424]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-23 203928]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-27 1242448]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-22 133432]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-21 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca0a54c6c8e650;Google Update Service (gupdate1ca0a54c6c8e650);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-26 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - avgntflt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-10-10 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 11:07]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 22:44]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 22:44]

2010-10-07 c:\windows\Tasks\Norton Security Scan for Jannik.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-13 07:48]

2010-10-10 c:\windows\Tasks\User_Feed_Synchronization-{CA065216-DD17-454D-B3FB-93DA2E515D71}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\Jannik\AppData\Roaming\Mozilla\Firefox\Profiles\t9rhmqzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=8BHxn8ZFdUKHS9Ke.Akwrg&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Jannik\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);                                                 user_pref(general.useragent.extra.zencast, Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Rbidog - c:\users\Jannik\AppData\Local\xULevsb.dll
AddRemove-EvilLyrics - c:\program files\EvilLyrics\uninst.exe
AddRemove-Free 3GP Video Converter_is1 - c:\program files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe
AddRemove-WarFront - c:\program files\EA GAMES\Battlefield 1942\Mods\Uninstal.exe
AddRemove-Who Dares Wins 0.23 client - c:\program files\EA GAMES\Battlefield 1942\Mods\WhoDaresWins\Uninstal.exe
AddRemove-{18FF899B-CEB9-4C40-80ED-04A3A274B55B}_is1 - c:\program files\Alnera\FeedBuster\unins000.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3022767743-2744068324-2558049244-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,58,06,62,2c,fe,71,4c,ef,f1,3f,1e,68,d9,9e,84,53,13,d5,6a,ba,
   51,31,19,65,45,8b,78,16,0f,4d,31,42,fe,d6,b7,25,70,b4,d8,f5,4d,de,eb,13,7d,\
"rkeysecu"=hex:60,8d,f5,9f,eb,5f,6e,a9,ad,b5,d3,86,38,ef,d5,af

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-10-10  15:37:06
ComboFix-quarantined-files.txt  2010-10-10 13:37

Vor Suchlauf: 14 Verzeichnis(se), 24.478.322.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 24.269.955.072 Bytes frei

- - End Of File - - 57319E54BB1D2049BAD27F5C8B5EDD08
         
Das Log und ein Problem: mein Laptop piepst die ganze Zeit und AntiVir startet nicht.

€: das neue problem hat sich erledigt.

Geändert von BlackApe (10.10.2010 um 15:52 Uhr)

Alt 10.10.2010, 15:51   #13
markusg
/// Malware-holic
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



starte ihn mal neu. dann weiter hiermit:
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Alt 10.10.2010, 16:06   #14
BlackApe
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



OK, sag mal wie lange dauert den das noch, so im Durchschnitt??

Alt 10.10.2010, 16:10   #15
markusg
/// Malware-holic
 
Google spinnt und leitet teilweise flasch weiter - Standard

Google spinnt und leitet teilweise flasch weiter



keine ahnung, mindestens bis wir fertig sind...
aber sieht ja schon mal besser aus.

Antwort

Themen zu Google spinnt und leitet teilweise flasch weiter
0 bytes, antivir, antivir guard, avg, avira, bho, bonjour, defender, desktop, ebay, falsche seite, firefox, google, hijack, internet, internet explorer, jar_cache, java-virus, jusched.exe, local\temp, mozilla, notepad.exe, nt.dll, performance, problem, prozesse, rundll, saver, server, service pack 1, software, system, trojaner, trojaner gefunden, uleadburninghelper, versteckte objekte, verweise, virus gefunden, vista, windows, zwei trojaner



Ähnliche Themen: Google spinnt und leitet teilweise flasch weiter


  1. Google leitet auf falsche Seite weiter
    Log-Analyse und Auswertung - 25.02.2013 (13)
  2. Microsoft.com leitet auf Google weiter
    Log-Analyse und Auswertung - 29.11.2012 (3)
  3. Browser leitet Links von Google um und führt Seiten teilweise garnicht aus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2012 (3)
  4. Google leitet auf falsche Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (19)
  5. Google leitet auf unerwünschte Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 06.04.2011 (16)
  6. Google leitet weiter auf about:blank
    Plagegeister aller Art und deren Bekämpfung - 29.03.2011 (4)
  7. Google leitet falsch weiter
    Plagegeister aller Art und deren Bekämpfung - 12.02.2011 (5)
  8. Google leitet auf andere Seiten weiter!
    Plagegeister aller Art und deren Bekämpfung - 10.02.2011 (29)
  9. Google leitet zu werbung weiter
    Log-Analyse und Auswertung - 20.06.2010 (14)
  10. Google leitet falsch weiter...Bin ratlos!
    Log-Analyse und Auswertung - 07.02.2010 (3)
  11. Google leitet auf andere Seiten weiter
    Log-Analyse und Auswertung - 25.12.2009 (1)
  12. Google leitet auf falsche Seite weiter
    Log-Analyse und Auswertung - 17.06.2009 (2)
  13. Google leitet auf falsche Steiten weiter
    Log-Analyse und Auswertung - 14.06.2009 (0)
  14. google leitet falsch weiter
    Log-Analyse und Auswertung - 11.02.2009 (17)
  15. Google leitet falsch weiter
    Log-Analyse und Auswertung - 11.02.2009 (15)
  16. Google leitet falsch weiter etc.
    Log-Analyse und Auswertung - 22.10.2008 (1)
  17. google leitet willkürlich weiter
    Log-Analyse und Auswertung - 30.09.2008 (1)

Zum Thema Google spinnt und leitet teilweise flasch weiter - Ich habe ein Problem, erstmal ich hab nicht so die Ahnung von PCs. Und dann zum Hauptproblem: Angefangen hat es damit, dass mir AntiVir und Windows gleichzeitig einen Trojaner meldeten. - Google spinnt und leitet teilweise flasch weiter...
Archiv
Du betrachtest: Google spinnt und leitet teilweise flasch weiter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.