
Log analysis and evaluation: PC runs slowly and Antivir reports detections

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

18.11.2010, 13:38   #1
Plukas

My PC has been running more slowly lately and Antivir frequently reports detections.
e.g. In the file 'C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRQE1OMM\a[1].jpg'
a virus or unwanted program 'JS/Agent.PH' [virus] was found.

'C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMS4XU1G\ap[1].js'
a virus or unwanted program 'HTML/Rce.Gen' [virus] was found.
Action taken: deny access
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:09, on 31.03.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo464] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20100331
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O13 - Gopher Prefix: 
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 4864 bytes

Thanks a lot for the help

Edit: oh, by the way, I actually only use Firefox and don't understand why Internet Explorer is listed so often.

18.11.2010, 19:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Updates aren't really your thing, are they? Not even SP1 is installed. And IE8 is missing too!
Have you already run Malwarebytes? If so, please post the logs.
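The header check made in the reply above, as an added example that is not part of the original thread: it reads the OS and Internet Explorer version lines from HijackThis, OTL and Malwarebytes log headers and reports a missing service pack or an old IE. The Vista build table (6000/6001/6002), the expected IE major version 8 (taken from the reply) and the "patched" sample are assumptions of this example; the other sample lines are copied from the logs in this thread.

```python
import re

# Assumption: NT 6.0 builds as OTL and Malwarebytes print them (6.0.<build>).
VISTA_BUILD_TO_SP = {6000: 0, 6001: 1, 6002: 2}
# Assumption taken from the reply above, which expects IE8 to be installed.
EXPECTED_IE_MAJOR = 8

# One pattern per header format seen in this thread.
HJT_PLATFORM = re.compile(r"^Platform:\s*(?P<name>.+?)\s*\(WinNT\s+[\d.]+\)\s*$")
HJT_MSIE = re.compile(r"^MSIE:\s*Internet Explorer v[\d.]+\s*\((?P<ver>[\d.]+)\)")
OTL_OS = re.compile(r"^Windows .*\(Version = (?P<ver>\d+\.\d+\.\d+)\)")
OTL_IE = re.compile(r"^Internet Explorer \(Version = (?P<ver>[\d.]+)\)")
MBAM_OS = re.compile(r"^Windows (?P<ver>\d+\.\d+\.\d+)\s*$")
MBAM_IE = re.compile(r"^Internet Explorer (?P<ver>\d[\d.]+)\s*$")


def parse_header(log_text):
    """Return {'os', 'service_pack', 'ie_major'}; None means 'not found'."""
    info = {"os": None, "service_pack": None, "ie_major": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_PLATFORM.match(line)
        if m:
            # HijackThis names the service pack in the platform string,
            # e.g. "Windows Vista SP1"; no "SPn" token means none installed.
            name = m.group("name")
            sp = re.search(r"\bSP(\d+)\b", name)
            info["os"] = re.sub(r"\s*\bSP\d+\b", "", name).strip()
            info["service_pack"] = int(sp.group(1)) if sp else 0
            continue
        m = OTL_OS.match(line) or MBAM_OS.match(line)
        if m:
            major, minor, build = (int(p) for p in m.group("ver").split("."))
            info["os"] = f"Windows NT {major}.{minor}"
            if (major, minor) == (6, 0):
                # Unknown builds stay None instead of being guessed.
                info["service_pack"] = VISTA_BUILD_TO_SP.get(build)
            continue
        m = HJT_MSIE.match(line) or OTL_IE.match(line) or MBAM_IE.match(line)
        if m:
            info["ie_major"] = int(m.group("ver").split(".")[0])
    return info


def audit(log_text, expected_ie_major=EXPECTED_IE_MAJOR):
    """Return a list of patch-level findings for one log."""
    info = parse_header(log_text)
    findings = []
    if info["service_pack"] is None:
        findings.append("OS patch level could not be determined from the header")
    elif info["service_pack"] == 0:
        findings.append(f"{info['os']}: no service pack installed")
    if info["ie_major"] is None:
        findings.append("Internet Explorer version not found in the header")
    elif info["ie_major"] < expected_ie_major:
        findings.append(
            f"Internet Explorer {info['ie_major']} installed, "
            f"expected {expected_ie_major} or later"
        )
    return findings


# Header lines copied from the HijackThis, OTL and Malwarebytes logs in this thread.
HJT_SAMPLE = """Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal"""

OTL_SAMPLE = """OTL logfile created on: 19.11.2010 18:55:13 - Run 1
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)"""

MBAM_SAMPLE = """Malwarebytes' Anti-Malware 1.46
Datenbank Version: 5147

Windows 6.0.6000
Internet Explorer 7.0.6000.17037"""

# Constructed sample of a patched system, for contrast (not from the thread).
PATCHED_SAMPLE = """Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)"""

if __name__ == "__main__":
    samples = [("HijackThis", HJT_SAMPLE), ("OTL", OTL_SAMPLE),
               ("MBAM", MBAM_SAMPLE), ("patched", PATCHED_SAMPLE)]
    for label, sample in samples:
        print(label, audit(sample) or "no findings")
```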

18.11.2010, 20:49   #3
Plukas

Um, do I have to update IE too even if I don't use it? I actually have automatic updates turned on and some do get installed now and then. Sorry, I don't really know my way around this: what is SP1 and how can I install it?
And Malwarebytes finds nothing...

18.11.2010, 20:54   #4
cosinus

Yes, IE always has to be kept up to date, even if it is not used.
I would still like to see the MBAM log, because it shows other information besides just detections or no detections.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

18.11.2010, 21:04   #5
Plukas

Strangely, after the scan has finished I am not shown any button for saving the log?


18.11.2010, 21:58   #6
cosinus

All logs are stored in the Logs tab.
I want to see all the old logs too, not just the current one.

19.11.2010, 17:31   #7
Plukas

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5147

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

19.11.2010 18:04:03
mbam-log-2010-11-19 (18-04-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 323826
Laufzeit: 1 Stunde(n), 52 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\1C Company\Space Rangers 2\D3dHook.dll (Trojan.KillDisk) -> No action taken.

19.11.2010, 17:38   #8
cosinus

Where are the older logs?

19.11.2010, 17:40   #9
Plukas

When I go to Logs in the program, nothing is shown at all, not even the current one?
Edit: oh right, I only just installed the program ^^

Last edited by Plukas (19.11.2010 at 17:46)

19.11.2010, 17:50   #10
cosinus

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

19.11.2010, 18:02   #11
Plukas

Yes, I know, I should clean up the hard drive sometime...
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 19.11.2010 18:55:13 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = c:\Users\Lukas\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 1,68 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 4,15 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive E: | 320,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Lukas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\DVD Profiler\dvdpro.exe (Invelos Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\BumpTop\TexHelper.exe ()
PRC - C:\Program Files\BumpTop\BumpTop.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\mysql\bin\mysqld-nt.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\Lukas\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_4176eef.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SearchAnonymizer) -- C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MySQL) -- C:\mysql\bin\mysqld-nt.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.22
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.5
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 13:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 13:50:23 | 000,000,000 | ---D | M]
 
[2010.03.31 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2010.11.19 15:48:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions
[2010.06.27 08:50:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.18 14:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.10.19 20:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.06.18 14:44:08 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010.05.20 20:42:54 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.08.23 20:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.10 22:57:24 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010.05.20 19:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.07 17:30:41 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.07.09 21:09:51 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.09.30 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\battlefieldheroespatcher@ea.com
[2010.06.22 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\gutscheinmieze@synatix-gmbh.de
[2010.05.27 21:07:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\searchrecs@veoh.com
[2010.11.15 20:32:34 | 000,001,056 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\FireFox\Profiles\bs1daq1h.default\searchplugins\icqplugin.xml
[2010.10.26 13:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.05.11 19:49:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.06 19:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.26 13:22:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010.10.17 16:28:27 | 000,001,678 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.17 16:28:27 | 000,002,647 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.22 12:49:24 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2010.10.17 16:28:27 | 000,007,045 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.17 16:28:27 | 000,001,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.17 16:28:27 | 000,001,164 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.13 16:53:40 | 000,001,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll (TODO: <Company name>)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Lukas\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Lukas\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [recinfo464] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKCU..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKCU..\Run: [GMX_GMX MultiMessenger] L:\Neuer Ordner (2)\gmx\MESSENGR.EXE File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm ()
O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Lukas\AppData\LocalLow\Microñoft\redir.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.09.20 03:41:46 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{b3b830a9-4544-11df-9de6-000e2ed73d3f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3b830a9-4544-11df-9de6-000e2ed73d3f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.19 17:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\MyMDb
[2010.11.16 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\RTLNowFreeContentLoader v1.2.5
[2010.11.16 15:41:47 | 000,000,000 | ---D | C] -- C:\Users\Lukas\VisualBoyAdvance-1.8.0-beta3
[2010.11.04 19:23:35 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010.11.04 19:23:32 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.11.04 19:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.11.04 19:21:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2010.11.04 19:21:24 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.11.04 19:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.11.04 19:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.11.04 19:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010.10.26 13:22:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.26 13:22:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.26 13:22:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.24 19:08:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\NeroVision
[2010.04.30 16:25:09 | 002,131,336 | ---- | C] (Ask.com                                                      ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[2010.02.03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.19 18:12:21 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 18:12:21 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 18:05:30 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\pqbjsq.sys
[2010.11.19 17:27:21 | 000,000,766 | ---- | M] () -- C:\Users\Lukas\Desktop\MyMDb.lnk
[2010.11.19 16:29:13 | 000,698,076 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.19 16:29:13 | 000,656,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.19 16:29:13 | 000,140,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.19 16:29:13 | 000,121,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.19 15:47:34 | 000,106,812 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.19 14:27:27 | 000,106,812 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.19 14:12:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.19 14:12:16 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.18 20:57:20 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Matthias.job
[2010.11.18 18:10:10 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80BA4B18-BDFE-40FA-99C7-0216450B1CE0}.job
[2010.11.18 17:01:12 | 002,800,790 | ---- | M] () -- C:\Users\Lukas\dramentheorie.odp
[2010.11.18 15:38:37 | 000,000,997 | ---- | M] () -- C:\Users\Lukas\Documents\filme.rtf
[2010.11.18 15:29:02 | 876,721,080 | ---- | M] () -- C:\Users\Lukas\american beauty.avi
[2010.11.18 15:26:23 | 000,018,829 | -H-- | M] () -- C:\Users\Lukas\mxfilerelatedcache.mxc2
[2010.11.18 15:26:14 | 000,000,030 | ---- | M] () -- C:\Users\Lukas\DSC00734.jpx
[2010.11.18 14:14:09 | 000,001,948 | ---- | M] () -- C:\Users\Lukas\Desktop\HiJackThis.lnk
[2010.11.17 20:45:05 | 000,020,480 | ---- | M] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.17 13:50:14 | 000,027,131 | ---- | M] () -- C:\Users\Lukas\RalphWiggum2.gif
[2010.11.16 22:44:28 | 000,065,536 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E).sav
[2010.11.16 22:43:38 | 000,069,209 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)3.sgm
[2010.11.16 18:32:20 | 000,082,529 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)2.sgm
[2010.11.16 16:10:58 | 000,074,998 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)1.sgm
[2010.11.14 19:15:12 | 000,011,150 | ---- | M] () -- C:\Users\Lukas\dramafaufbau.gif
[2010.11.14 18:17:52 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.11.13 15:57:03 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Lukas.job
[2010.11.13 11:40:30 | 000,001,440 | ---- | M] () -- C:\Users\Lukas\Desktop\DivX Movies.lnk
[2010.11.13 11:40:03 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.11.04 19:20:36 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.11.03 21:39:33 | 019,923,984 | ---- | M] () -- C:\Users\Lukas\backup1.dpb
[2010.11.03 21:38:49 | 003,030,946 | ---- | M] () -- C:\Users\Lukas\Documents\2010-11-3-21-38-MyMDb_Backup.xlg
[2010.11.03 11:30:36 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.03 11:30:36 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.24 16:03:33 | 000,166,611 | ---- | M] () -- C:\Users\Lukas\Documents\Unbenannt (5).wma
[2010.10.24 16:02:00 | 000,130,691 | ---- | M] () -- C:\Users\Lukas\Documents\Unbenannt (4).wma
[2010.10.24 16:01:22 | 000,162,121 | ---- | M] () -- C:\Users\Lukas\Documents\Unbenannt (3).wma
[2010.10.24 11:18:32 | 001,131,377 | ---- | M] () -- C:\Users\Lukas\hanna.psd
[2010.10.22 16:29:05 | 255,928,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.20 19:21:06 | 019,737,417 | ---- | M] () -- C:\Users\Lukas\backup1.dpb.bak
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.19 18:05:30 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\pqbjsq.sys
[2010.11.19 18:04:09 | 000,001,226 | ---- | C] () -- C:\Users\Lukas\mbam-log-2010-11-19 (18-04-03).txt
[2010.11.19 17:27:21 | 000,000,766 | ---- | C] () -- C:\Users\Lukas\Desktop\MyMDb.lnk
[2010.11.18 15:26:14 | 000,000,030 | ---- | C] () -- C:\Users\Lukas\DSC00734.jpx
[2010.11.18 15:26:13 | 000,018,829 | -H-- | C] () -- C:\Users\Lukas\mxfilerelatedcache.mxc2
[2010.11.17 13:50:07 | 000,027,131 | ---- | C] () -- C:\Users\Lukas\RalphWiggum2.gif
[2010.11.16 22:43:38 | 000,069,209 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)3.sgm
[2010.11.16 18:32:20 | 000,082,529 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)2.sgm
[2010.11.16 16:10:58 | 000,074,998 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)1.sgm
[2010.11.16 15:50:20 | 000,065,536 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E).sav
[2010.11.16 15:40:25 | 004,194,304 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E).gba
[2010.11.14 19:15:11 | 000,011,150 | ---- | C] () -- C:\Users\Lukas\dramafaufbau.gif
[2010.11.11 15:31:58 | 002,800,790 | ---- | C] () -- C:\Users\Lukas\dramentheorie.odp
[2010.11.04 19:21:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.04 19:21:24 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.11.04 19:20:36 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.11.03 21:38:16 | 003,030,946 | ---- | C] () -- C:\Users\Lukas\Documents\2010-11-3-21-38-MyMDb_Backup.xlg
[2010.10.28 19:16:42 | 732,728,075 | ---- | C] () -- C:\Das.Bourne.Ultimatum.German.AC3.DVDRiP.XviD_EMPiRE.CD1.avi.ob!
[2010.10.24 16:03:33 | 000,166,611 | ---- | C] () -- C:\Users\Lukas\Documents\Unbenannt (5).wma
[2010.10.24 16:02:00 | 000,130,691 | ---- | C] () -- C:\Users\Lukas\Documents\Unbenannt (4).wma
[2010.10.24 16:01:21 | 000,162,121 | ---- | C] () -- C:\Users\Lukas\Documents\Unbenannt (3).wma
[2010.10.24 11:18:31 | 001,131,377 | ---- | C] () -- C:\Users\Lukas\hanna.psd
[2010.09.02 17:13:28 | 000,000,206 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\burnaware.ini
[2010.09.01 23:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.06.06 21:02:26 | 000,000,031 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\FileStore.dll
[2010.05.12 15:47:25 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.12 15:47:24 | 000,138,056 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\PnkBstrK.sys
[2010.04.25 17:11:52 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.18 17:57:21 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.31 20:24:01 | 000,020,480 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.31 19:09:49 | 000,106,812 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.31 19:09:48 | 000,106,812 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.03.31 14:18:11 | 000,000,680 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat
[2010.02.11 08:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll
[2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.11.19 17:24:52 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.11.19 17:24:51 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.11.19 17:18:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007.01.25 18:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003.07.23 21:54:22 | 000,045,138 | ---- | C] () -- C:\Windows\System32\PrintExtension.dll
[2001.02.01 09:49:26 | 000,217,088 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Lukas\american beauty.avi:TOC.WMV
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D0757AAB

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 19.11.2010 18:55:13 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = c:\Users\Lukas\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 1,68 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 4,15 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive E: | 320,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{272F84E5-FA44-4A69-A098-25D58AFEFEE2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{2A8312DD-7A53-40D8-AAC9-BAF38F93CAB4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{31AD5DB5-FDB3-4E7E-AB3E-FB7339DDFCBD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{3E5B4787-0431-4FD2-8A0F-285AF42846EB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4F82462B-EB7C-4E83-8E28-0FDD95930B75}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{5A0AE5CA-5931-4271-950A-CC2D1D00F5CB}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{5D045AC8-FA5D-47DC-931E-433133812A42}" = rport=138 | protocol=17 | dir=out | app=system | 
"{68D79D05-7768-4777-AB3D-CDE0EAB24AF8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8B557CED-A244-430C-BEB0-DCDFDA51E8B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8CD73376-007C-4A4C-A41E-B53CBFFFBE20}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{93E7B02E-F282-4D86-9915-09F31F1D5C9E}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{949918D5-DB7B-4474-A4E1-5F69AF410414}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DA5EA96C-37A9-4A8A-96E6-A13F6BB7CA79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DE98A0A8-CD9C-41D7-8E35-712FD34F8E16}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E2C5EA6F-C978-48A8-A631-E3FCE651A11E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E6437CB3-E04E-458C-9BAE-61D03BF23F2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F7907163-4399-4064-8DCE-9BDA58B1F3A9}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BB0053-6DE6-4400-BE95-46744ECCCA6A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0C545FB8-99B9-4E52-BB2E-645AF8793154}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{0C65B8C6-DE0B-4F26-B8AF-765A2ACFA75B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{173B2136-E3E5-4D4C-9273-1FBE39D784A2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{18E8D377-9968-4AB7-9360-34DB6DBEC295}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1F868044-2860-4E9B-8B5B-C262E215D43A}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{27FE8822-EC8E-4B0A-AF20-71222AB5ACA9}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{2C05409A-E726-4802-BB94-88147E8F09FC}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{30309C68-3B19-4FF2-8BE3-1CC869381C12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{30775B19-3CB9-49E7-B881-2ED035D6D678}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{30853D9C-1AFA-446E-A226-6580835EEA21}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{37C528F8-F668-4B47-A680-DE8FE8DAD2EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38B83FBA-E8A6-488F-86D6-124A7524C626}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3A049A7B-CFF0-4345-B553-FBD1EF3CE514}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{4024466B-F971-477B-8A25-E9B7A7A2BC3D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4C41F875-4FCA-4538-90F6-7FD0FE8E9B38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4D706C13-AD30-48B2-88E9-56031AD805C6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{52AA4AF9-6BCE-4633-8396-551D73C90622}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{530B7273-7A23-4C77-BF6D-94C682823AD5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{55D451A9-E0E5-4858-B1D9-DEF926880D3D}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{5BF7960B-0067-4C1E-AC1C-DF22977937A7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5CD750F2-A09A-4925-BB76-86CBB5BBE94E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5D8F5985-DC0B-4FEA-9B9D-55A7EABE45BC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{641612A0-EAE2-49E6-BC1C-773BA0847CD1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7577E44E-4320-41F2-B1AE-C455DD77C3EC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{776386EE-7A09-451E-8F29-5A66A4F46F1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7C381A75-517A-433E-8E4E-1D694FEAA978}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{8AF49088-DCA6-49BA-AC1B-18AE69C4097C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8F6A7DAE-C66D-4DF6-84DF-EDE4A7BF2596}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{91EB8A33-267A-47F0-9A72-9077B9B4EEBA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{922962CC-754B-431C-9650-28B13395CB58}" = protocol=17 | dir=in | app=c:\gamigo\snowboundonline\run.exe | 
"{A061382D-2552-4C5F-9ECC-C0BC912B4218}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{A21FD0E0-1F40-4E2A-B780-60F6CE88579D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B297B0CD-B9A3-44B0-9809-DC9198794256}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B459E993-CB0B-4557-842D-50E5A3CDB859}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{B9DE8E0F-418A-43FC-B6B5-529377EE1A7F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{BB461AD7-1DCE-4B8A-8005-CBFBA988708C}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{C1F519DD-23A9-4BBE-9BB1-7FF06DE862A0}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{C3B65639-87F3-4110-AD12-469714323B1A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CCB2C099-8240-453F-85DC-9F17E8ABC22B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{D3EC73A7-4AC4-41A5-9D0F-86F0A82BA56E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{E25CAC54-EEB2-48BF-8B1F-32B246B06A2D}" = protocol=6 | dir=in | app=c:\gamigo\snowboundonline\run.exe | 
"{EA1340EA-C3FD-42F4-9151-DCE318647E96}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{F2E2F813-0F24-4F3E-9F6B-64662889C104}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{F35EE609-302C-46D7-8D54-853154C5C82B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F5F5342D-B151-430F-83B9-7713CD5B1FA7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F659243F-9F38-436B-991C-E3FF18F36C4E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{F7F7BB0E-BC5C-4C76-9E1A-72FC7E8E8B34}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"TCP Query User{0777912F-4072-4C4A-BF34-610D441E103F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{107CFC61-3AC3-409C-85C4-14A7D4957907}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat | 
"TCP Query User{11679891-69C0-4C8C-9D54-66510EE792A9}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{14B5EAB1-0963-455D-AA37-B5CB55867829}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{164E5770-A7DB-43A0-87A5-5E2F53379E97}L:\games\paraworld\bin\pwserver.exe" = protocol=6 | dir=in | app=l:\games\paraworld\bin\pwserver.exe | 
"TCP Query User{44B39E04-0363-4C03-83C8-3A9CADD83A00}L:\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=l:\orbitdownloader\orbitnet.exe | 
"TCP Query User{45A12F4D-8B6D-480E-876D-545F7D30F1FC}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{66BBF06A-6D29-423D-B381-0E838AC4AECA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{67290B6A-A1D0-4B8B-A9D3-0CD3BEFF69B2}L:\neuer ordner (2)\gmx\messengr.exe" = protocol=6 | dir=in | app=l:\neuer ordner (2)\gmx\messengr.exe | 
"TCP Query User{6BDF0EF5-E05D-4CBB-A809-ECF9E2A8ADA0}C:\program files\rockstar games\midnight club ii\mc2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\midnight club ii\mc2.exe | 
"TCP Query User{6E82E454-E954-4064-B148-9E55612862AC}L:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=l:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe | 
"TCP Query User{854E155D-0130-4F39-A22A-4ACE0BF9C1CA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8D310036-63B6-4739-AC06-6F21BE839F8D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{959F2FB6-FC92-4918-81AB-204F6D2240EC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{A401471D-373C-4939-A623-83BC483FF45F}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"TCP Query User{D40E4EE2-96A4-46B1-B7BE-D3FEC31587E4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D86261A6-0BB3-411F-BE9F-69CF3E8C4BF7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{DB5ECD8B-C8D3-4AFE-A6AE-B50A855B2FED}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F70EA80B-2222-40E1-B2C7-2553C8B7F590}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{F7F17C0F-1428-46AE-B066-E64E5191F52D}C:\gta\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\gta\gtawin\grand theft auto.exe | 
"TCP Query User{FD6C5B66-79C9-4159-A5BB-8C78950FF0A0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{05C91808-B535-48A5-A9EA-380F4B5D9446}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{0EA57236-8FAB-4E4A-A97E-76223E579DFF}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{1005EF54-D625-4F3C-B269-02127A0FDAC7}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat | 
"UDP Query User{2050BB14-C06E-46C1-A600-BA889FBA4B12}L:\neuer ordner (2)\gmx\messengr.exe" = protocol=17 | dir=in | app=l:\neuer ordner (2)\gmx\messengr.exe | 
"UDP Query User{219214A2-E1DB-4860-9F5A-9404E0952C4A}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{39B5ED26-EBF9-44C0-9312-A8CBF4A5369B}C:\gta\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\gta\gtawin\grand theft auto.exe | 
"UDP Query User{4A2FF802-1488-400D-99B6-DACF90E3D29E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5B0D44B6-EC3F-4743-B51A-7F91582CC6AB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{6FECB068-3B3F-4D75-BB26-9F340BABA020}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{876EB4C3-D90F-4D1C-B7B5-BAF6904890D2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{898821F8-785F-42DA-8ABB-09CDD9DADBD9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8F4BC0A3-24B4-4243-9E02-5E7861B8E183}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{A2AA4F22-42F7-4ED3-9516-EC2C56201C45}L:\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=l:\orbitdownloader\orbitnet.exe | 
"UDP Query User{A6AC32C9-CC15-49A9-97B5-25434B1440E0}L:\games\paraworld\bin\pwserver.exe" = protocol=17 | dir=in | app=l:\games\paraworld\bin\pwserver.exe | 
"UDP Query User{B6855319-1786-4F63-8388-93783652A8DE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{B6A16752-CBB5-4266-AD1D-AE9CC3BD8437}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{BECF7C42-E19C-4106-9064-6B36299F0E1F}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{D4808876-32CB-470B-AF0F-4762E0FA226F}C:\program files\rockstar games\midnight club ii\mc2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\midnight club ii\mc2.exe | 
"UDP Query User{DEAEE97F-AA47-42A3-95B3-53B205C64F90}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{FC1875A7-7FEB-4DB1-B6E0-0C29804802F4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{FFB94360-2058-4E68-8468-393692A8D917}L:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=l:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1D049523-F355-4848-AB92-0CB5AC9409AF}_is1" = SnowBound Online v2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{B3E919BE-8878-45B8-A095-2A3970F1B324}" = MySQL Server und Clients 4.1.11
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Ant Movie Catalog_is1" = Ant Movie Catalog
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BFGC" = Big Fish Games: Game Manager
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"BurnAware Free_is1" = BurnAware Free 3.0.4
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cradle of Rome" = Cradle of Rome (remove only)
"Der Clou!2" = Der Clou!2
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy HTML To Any Script Converter" = Easy HTML To Any Script Converter
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FL Studio 9" = FL Studio 9
"FlashGet" = FlashGet 1.9.6.1073
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.0
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Get Styles" = Get Styles
"GMX SMS-Manager" = GMX SMS-Manager
"Governor Of Poker en Español" = Governor Of Poker en Español
"Grand Theft Auto" = Grand Theft Auto
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"Handbrake" = Handbrake 0.9.4
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IL Download Manager" = IL Download Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.79 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.144 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MyMDb_0" = MyMDb 3.6
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.7
"PoiZone" = PoiZone
"Poker Superstars II" = Poker Superstars II (remove only)
"PokerStars.net" = PokerStars.net
"PPLive" = PPLive 1.9
"PunkBusterSvc" = PunkBuster Services
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"SearchAnonymizer" = SearchAnonymizer
"Serious Samurize" = Serious Samurize
"Shock 4Way 3D v1.29" = Shock 4Way 3D v1.29
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SopCast" = SopCast 3.2.9
"Space Rangers 2" = 1C Company\Space Rangers 2
"SumatraPDF" = SumatraPDF
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"URLSnooper 2_is1" = URL Snooper v2.17.01
"Veetle TV" = Veetle TV 0.9.17
"Veoh Web Player Beta" = Veoh Web Player
"Videora iPod classic Converter" = Videora iPod classic Converter 5.04
"Videora iPod Converter" = Videora iPod Converter 5
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VobSub" = VobSub v2.23 (Remove Only)
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR
"YouTube Downloader App" = YouTube Downloader App 2.00
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2010 11:00:27 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description = 
 
Error - 17.11.2010 11:12:55 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description = 
 
Error - 17.11.2010 11:13:08 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description = 
 
Error - 17.11.2010 11:17:18 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description = 
 
Error - 17.11.2010 11:17:30 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description = 
 
Error - 17.11.2010 13:13:35 | Computer Name = Lukas-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 18.11.2010 09:02:43 | Computer Name = Lukas-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 18.11.2010 09:13:15 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description = 
 
Error - 18.11.2010 09:35:07 | Computer Name = Lukas-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 18.11.2010 12:55:17 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = 372: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 02.05.2010 14:10:51 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2010 14:10:58 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2010 14:11:05 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2010 14:11:12 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2010 14:11:19 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2010 14:11:26 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2010 14:12:42 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2010 14:12:46 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 04.05.2010 09:39:14 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 05.05.2010 12:01:32 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
 
< End of report >
         
--- --- ---

19.11.2010, 18:04   #12
Plukas

Sorry, double post.

19.11.2010, 19:28   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
What kind of Adobe CS do you have on there? Why is your computer not supposed to reach Adobe?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
