| |
| |||||||
Log-Analyse und Auswertung: Pc läuft langsam und Antivir zeigt Funde anWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
18.11.2010, 14:38
| #1 |
 |  Pc läuft langsam und Antivir zeigt Funde an Mein Pc läuft in letzter Zeit langsamer und Antivir zeigt öfters Funde an. z.B. In der Datei 'C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRQE1OMM\a[1].jpg' wurde ein Virus oder unerwünschtes Programm 'JS/Agent.PH' [virus] gefunden. 'C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMS4XU1G\ap[1].js' wurde ein Virus oder unerwünschtes Programm 'HTML/Rce.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:06:09, on 31.03.2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ICQ7.1\ICQ.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe" O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [recinfo464] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20100331 O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O13 - Gopher Prefix: O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 4864 bytes Vielen Dank für die Hilfe  Edit: achso ich benutze eigentlich nur Firefox und verstehe nicht warum der Internet Explorer so oft aufgeführt ist. |
|
18.11.2010, 20:52
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Pc läuft langsam und Antivir zeigt Funde anZitat:
Hast du Malwarebytes schon ausgeführt? Wenn ja bitte Logs posten.
__________________ |
|
18.11.2010, 21:49
| #3 |
| | Pc läuft langsam und Antivir zeigt Funde an Ähm muss ich den IE auch updaten wenn ich ihn nicht benutze? Hab eigentlich automatische Updates eingestellt und es werden auch ab und zu welche installiert, sry kenne mich nicht wirklich aus was ist SP1 und wie kann ich das installieren?
__________________Und Malwarebytes findet nichts... |
|
18.11.2010, 21:54
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pc läuft langsam und Antivir zeigt Funde an Ja, der IE muss immer aktualisiert werden auch bei Nichtbenutzung. Das Log von MBAM möchte ich trotzdem mal sehen, es zeigt nämlich noch andere Infos als nur Funde oder keine Funde.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.11.2010, 22:04
| #5 |
| | Pc läuft langsam und Antivir zeigt Funde an Mir wird komischerweise nach dem Durchlauf kein Button zum Log speichern angezeigt? |
|
18.11.2010, 22:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pc läuft langsam und Antivir zeigt Funde an Im Reiter Logdateien sind alle Logs gespeichert Ich will auch alle alten Logs sehen, nicht nur das aktuelle
__________________ --> Pc läuft langsam und Antivir zeigt Funde an |
|
19.11.2010, 18:31
| #7 |
| | Pc läuft langsam und Antivir zeigt Funde an Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5147 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 19.11.2010 18:04:03 mbam-log-2010-11-19 (18-04-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 323826 Laufzeit: 1 Stunde(n), 52 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\1C Company\Space Rangers 2\D3dHook.dll (Trojan.KillDisk) -> No action taken. |
|
19.11.2010, 18:38
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pc läuft langsam und Antivir zeigt Funde an Wo sind die älteren Logs?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2010, 18:40
| #9 |
| | Pc läuft langsam und Antivir zeigt Funde an wenn ich im Programm auf Logdateien geh wird gar nix angezeigt nichtmal die aktuelle? edit: achso hab das Programm auch grad erst installiert ^^ Geändert von Plukas (19.11.2010 um 18:46 Uhr) |
|
19.11.2010, 18:50
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pc läuft langsam und Antivir zeigt Funde an Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2010, 19:02
| #11 |
| | Pc läuft langsam und Antivir zeigt Funde an Ja ich weiß sollte die Festplatte mal aufräumen...OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 19.11.2010 18:55:13 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Lukas\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 47,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,90 Gb Total Space | 1,68 Gb Free Space | 0,78% Space Free | Partition Type: NTFS Drive D: | 106,45 Gb Total Space | 4,15 Gb Free Space | 3,90% Space Free | Partition Type: NTFS Drive E: | 320,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: * | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\Lukas\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) PRC - C:\Program Files\DVD Profiler\dvdpro.exe (Invelos Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files\BumpTop\TexHelper.exe () PRC - C:\Program Files\BumpTop\BumpTop.exe () PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\mysql\bin\mysqld-nt.exe () ========== Modules (SafeList) ========== MOD - c:\Users\Lukas\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_4176eef.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SearchAnonymizer) -- C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (MySQL) -- C:\mysql\bin\mysqld-nt.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.) DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation) DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation) DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.22 FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.5 FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1 FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03 FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 13:50:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 13:50:23 | 000,000,000 | ---D | M] [2010.03.31 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2010.11.19 15:48:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions [2010.06.27 08:50:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.18 14:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80} [2010.10.19 20:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96} [2010.06.18 14:44:08 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99} [2010.05.20 20:42:54 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.08.23 20:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.10 22:57:24 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2010.05.20 19:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.10.07 17:30:41 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.07.09 21:09:51 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2010.09.30 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\battlefieldheroespatcher@ea.com [2010.06.22 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\gutscheinmieze@synatix-gmbh.de [2010.05.27 21:07:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\bs1daq1h.default\extensions\searchrecs@veoh.com [2010.11.15 20:32:34 | 000,001,056 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\FireFox\Profiles\bs1daq1h.default\searchplugins\icqplugin.xml [2010.10.26 13:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.05.11 19:49:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.06 19:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.26 13:22:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2010.10.17 16:28:27 | 000,001,678 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.17 16:28:27 | 000,002,647 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.06.22 12:49:24 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2010.10.17 16:28:27 | 000,007,045 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.17 16:28:27 | 000,001,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.17 16:28:27 | 000,001,164 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.13 16:53:40 | 000,001,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll (TODO: <Company name>) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Lukas\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Lukas\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [Ocs_SM] C:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation) O4 - HKLM..\Run: [recinfo464] c:\RecInfo\RecInfo.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers) O4 - HKCU..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG) O4 - HKCU..\Run: [GMX_GMX MultiMessenger] L:\Neuer Ordner (2)\gmx\MESSENGR.EXE File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm () O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm () O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe () O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe () O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Lukas\AppData\LocalLow\Microñoft\redir.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.09.20 03:41:46 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - Unable to obtain root file information for disk G:\ O33 - MountPoints2\{b3b830a9-4544-11df-9de6-000e2ed73d3f}\Shell - "" = AutoRun O33 - MountPoints2\{b3b830a9-4544-11df-9de6-000e2ed73d3f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.19 17:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\MyMDb [2010.11.16 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\RTLNowFreeContentLoader v1.2.5 [2010.11.16 15:41:47 | 000,000,000 | ---D | C] -- C:\Users\Lukas\VisualBoyAdvance-1.8.0-beta3 [2010.11.04 19:23:35 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2010.11.04 19:23:32 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.11.04 19:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010.11.04 19:21:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers [2010.11.04 19:21:24 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe [2010.11.04 19:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2010.11.04 19:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010.11.04 19:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2010.10.26 13:22:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.10.26 13:22:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.10.26 13:22:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.24 19:08:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\NeroVision [2010.04.30 16:25:09 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe [2010.02.03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.19 18:12:21 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 18:12:21 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 18:05:30 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\pqbjsq.sys [2010.11.19 17:27:21 | 000,000,766 | ---- | M] () -- C:\Users\Lukas\Desktop\MyMDb.lnk [2010.11.19 16:29:13 | 000,698,076 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.19 16:29:13 | 000,656,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.19 16:29:13 | 000,140,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.19 16:29:13 | 000,121,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.19 15:47:34 | 000,106,812 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.19 14:27:27 | 000,106,812 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.19 14:12:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.19 14:12:16 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2010.11.18 20:57:20 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Matthias.job [2010.11.18 18:10:10 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80BA4B18-BDFE-40FA-99C7-0216450B1CE0}.job [2010.11.18 17:01:12 | 002,800,790 | ---- | M] () -- C:\Users\Lukas\dramentheorie.odp [2010.11.18 15:38:37 | 000,000,997 | ---- | M] () -- C:\Users\Lukas\Documents\filme.rtf [2010.11.18 15:29:02 | 876,721,080 | ---- | M] () -- C:\Users\Lukas\american beauty.avi [2010.11.18 15:26:23 | 000,018,829 | -H-- | M] () -- C:\Users\Lukas\mxfilerelatedcache.mxc2 [2010.11.18 15:26:14 | 000,000,030 | ---- | M] () -- C:\Users\Lukas\DSC00734.jpx [2010.11.18 14:14:09 | 000,001,948 | ---- | M] () -- C:\Users\Lukas\Desktop\HiJackThis.lnk [2010.11.17 20:45:05 | 000,020,480 | ---- | M] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.17 13:50:14 | 000,027,131 | ---- | M] () -- C:\Users\Lukas\RalphWiggum2.gif [2010.11.16 22:44:28 | 000,065,536 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E).sav [2010.11.16 22:43:38 | 000,069,209 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)3.sgm [2010.11.16 18:32:20 | 000,082,529 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)2.sgm [2010.11.16 16:10:58 | 000,074,998 | ---- | M] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)1.sgm [2010.11.14 19:15:12 | 000,011,150 | ---- | M] () -- C:\Users\Lukas\dramafaufbau.gif [2010.11.14 18:17:52 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys [2010.11.13 15:57:03 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Lukas.job [2010.11.13 11:40:30 | 000,001,440 | ---- | M] () -- C:\Users\Lukas\Desktop\DivX Movies.lnk [2010.11.13 11:40:03 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.11.04 19:20:36 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.11.03 21:39:33 | 019,923,984 | ---- | M] () -- C:\Users\Lukas\backup1.dpb [2010.11.03 21:38:49 | 003,030,946 | ---- | M] () -- C:\Users\Lukas\Documents\2010-11-3-21-38-MyMDb_Backup.xlg [2010.11.03 11:30:36 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.03 11:30:36 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.10.24 16:03:33 | 000,166,611 | ---- | M] () -- C:\Users\Lukas\Documents\Unbenannt (5).wma [2010.10.24 16:02:00 | 000,130,691 | ---- | M] () -- C:\Users\Lukas\Documents\Unbenannt (4).wma [2010.10.24 16:01:22 | 000,162,121 | ---- | M] () -- C:\Users\Lukas\Documents\Unbenannt (3).wma [2010.10.24 11:18:32 | 001,131,377 | ---- | M] () -- C:\Users\Lukas\hanna.psd [2010.10.22 16:29:05 | 255,928,821 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.20 19:21:06 | 019,737,417 | ---- | M] () -- C:\Users\Lukas\backup1.dpb.bak [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.19 18:05:30 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\pqbjsq.sys [2010.11.19 18:04:09 | 000,001,226 | ---- | C] () -- C:\Users\Lukas\mbam-log-2010-11-19 (18-04-03).txt [2010.11.19 17:27:21 | 000,000,766 | ---- | C] () -- C:\Users\Lukas\Desktop\MyMDb.lnk [2010.11.18 15:26:14 | 000,000,030 | ---- | C] () -- C:\Users\Lukas\DSC00734.jpx [2010.11.18 15:26:13 | 000,018,829 | -H-- | C] () -- C:\Users\Lukas\mxfilerelatedcache.mxc2 [2010.11.17 13:50:07 | 000,027,131 | ---- | C] () -- C:\Users\Lukas\RalphWiggum2.gif [2010.11.16 22:43:38 | 000,069,209 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)3.sgm [2010.11.16 18:32:20 | 000,082,529 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)2.sgm [2010.11.16 16:10:58 | 000,074,998 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E)1.sgm [2010.11.16 15:50:20 | 000,065,536 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E).sav [2010.11.16 15:40:25 | 004,194,304 | ---- | C] () -- C:\Users\Lukas\Kuru Kuru Kururin (E).gba [2010.11.14 19:15:11 | 000,011,150 | ---- | C] () -- C:\Users\Lukas\dramafaufbau.gif [2010.11.11 15:31:58 | 002,800,790 | ---- | C] () -- C:\Users\Lukas\dramentheorie.odp [2010.11.04 19:21:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.11.04 19:21:24 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.11.04 19:20:36 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.11.03 21:38:16 | 003,030,946 | ---- | C] () -- C:\Users\Lukas\Documents\2010-11-3-21-38-MyMDb_Backup.xlg [2010.10.28 19:16:42 | 732,728,075 | ---- | C] () -- C:\Das.Bourne.Ultimatum.German.AC3.DVDRiP.XviD_EMPiRE.CD1.avi.ob! [2010.10.24 16:03:33 | 000,166,611 | ---- | C] () -- C:\Users\Lukas\Documents\Unbenannt (5).wma [2010.10.24 16:02:00 | 000,130,691 | ---- | C] () -- C:\Users\Lukas\Documents\Unbenannt (4).wma [2010.10.24 16:01:21 | 000,162,121 | ---- | C] () -- C:\Users\Lukas\Documents\Unbenannt (3).wma [2010.10.24 11:18:31 | 001,131,377 | ---- | C] () -- C:\Users\Lukas\hanna.psd [2010.09.02 17:13:28 | 000,000,206 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\burnaware.ini [2010.09.01 23:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.06.23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.06.23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.06.06 21:02:26 | 000,000,031 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\FileStore.dll [2010.05.12 15:47:25 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.05.12 15:47:24 | 000,138,056 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\PnkBstrK.sys [2010.04.25 17:11:52 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.04.18 17:57:21 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.03.31 20:24:01 | 000,020,480 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.31 19:09:49 | 000,106,812 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.03.31 19:09:48 | 000,106,812 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.03.31 14:18:11 | 000,000,680 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat [2010.02.11 08:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll [2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.11.19 17:24:52 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.11.19 17:24:51 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.11.19 17:18:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2007.01.25 18:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2003.07.23 21:54:22 | 000,045,138 | ---- | C] () -- C:\Windows\System32\PrintExtension.dll [2001.02.01 09:49:26 | 000,217,088 | ---- | C] () -- C:\Windows\System32\libmySQL.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Lukas\american beauty.avi:TOC.WMV @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D0757AAB < End of report > --- --- ---OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.11.2010 18:55:13 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Lukas\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 1,68 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 4,15 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive E: | 320,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{272F84E5-FA44-4A69-A098-25D58AFEFEE2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2A8312DD-7A53-40D8-AAC9-BAF38F93CAB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{31AD5DB5-FDB3-4E7E-AB3E-FB7339DDFCBD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3E5B4787-0431-4FD2-8A0F-285AF42846EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F82462B-EB7C-4E83-8E28-0FDD95930B75}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{5A0AE5CA-5931-4271-950A-CC2D1D00F5CB}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{5D045AC8-FA5D-47DC-931E-433133812A42}" = rport=138 | protocol=17 | dir=out | app=system |
"{68D79D05-7768-4777-AB3D-CDE0EAB24AF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B557CED-A244-430C-BEB0-DCDFDA51E8B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{8CD73376-007C-4A4C-A41E-B53CBFFFBE20}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{93E7B02E-F282-4D86-9915-09F31F1D5C9E}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{949918D5-DB7B-4474-A4E1-5F69AF410414}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA5EA96C-37A9-4A8A-96E6-A13F6BB7CA79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DE98A0A8-CD9C-41D7-8E35-712FD34F8E16}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2C5EA6F-C978-48A8-A631-E3FCE651A11E}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6437CB3-E04E-458C-9BAE-61D03BF23F2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F7907163-4399-4064-8DCE-9BDA58B1F3A9}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BB0053-6DE6-4400-BE95-46744ECCCA6A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0C545FB8-99B9-4E52-BB2E-645AF8793154}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0C65B8C6-DE0B-4F26-B8AF-765A2ACFA75B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{173B2136-E3E5-4D4C-9273-1FBE39D784A2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{18E8D377-9968-4AB7-9360-34DB6DBEC295}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1F868044-2860-4E9B-8B5B-C262E215D43A}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{27FE8822-EC8E-4B0A-AF20-71222AB5ACA9}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{2C05409A-E726-4802-BB94-88147E8F09FC}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{30309C68-3B19-4FF2-8BE3-1CC869381C12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{30775B19-3CB9-49E7-B881-2ED035D6D678}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{30853D9C-1AFA-446E-A226-6580835EEA21}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{37C528F8-F668-4B47-A680-DE8FE8DAD2EF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{38B83FBA-E8A6-488F-86D6-124A7524C626}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A049A7B-CFF0-4345-B553-FBD1EF3CE514}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4024466B-F971-477B-8A25-E9B7A7A2BC3D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C41F875-4FCA-4538-90F6-7FD0FE8E9B38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D706C13-AD30-48B2-88E9-56031AD805C6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{52AA4AF9-6BCE-4633-8396-551D73C90622}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{530B7273-7A23-4C77-BF6D-94C682823AD5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{55D451A9-E0E5-4858-B1D9-DEF926880D3D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5BF7960B-0067-4C1E-AC1C-DF22977937A7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5CD750F2-A09A-4925-BB76-86CBB5BBE94E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5D8F5985-DC0B-4FEA-9B9D-55A7EABE45BC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{641612A0-EAE2-49E6-BC1C-773BA0847CD1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7577E44E-4320-41F2-B1AE-C455DD77C3EC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{776386EE-7A09-451E-8F29-5A66A4F46F1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C381A75-517A-433E-8E4E-1D694FEAA978}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{8AF49088-DCA6-49BA-AC1B-18AE69C4097C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F6A7DAE-C66D-4DF6-84DF-EDE4A7BF2596}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{91EB8A33-267A-47F0-9A72-9077B9B4EEBA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{922962CC-754B-431C-9650-28B13395CB58}" = protocol=17 | dir=in | app=c:\gamigo\snowboundonline\run.exe |
"{A061382D-2552-4C5F-9ECC-C0BC912B4218}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{A21FD0E0-1F40-4E2A-B780-60F6CE88579D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B297B0CD-B9A3-44B0-9809-DC9198794256}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B459E993-CB0B-4557-842D-50E5A3CDB859}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{B9DE8E0F-418A-43FC-B6B5-529377EE1A7F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BB461AD7-1DCE-4B8A-8005-CBFBA988708C}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{C1F519DD-23A9-4BBE-9BB1-7FF06DE862A0}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{C3B65639-87F3-4110-AD12-469714323B1A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CCB2C099-8240-453F-85DC-9F17E8ABC22B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{D3EC73A7-4AC4-41A5-9D0F-86F0A82BA56E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{E25CAC54-EEB2-48BF-8B1F-32B246B06A2D}" = protocol=6 | dir=in | app=c:\gamigo\snowboundonline\run.exe |
"{EA1340EA-C3FD-42F4-9151-DCE318647E96}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F2E2F813-0F24-4F3E-9F6B-64662889C104}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{F35EE609-302C-46D7-8D54-853154C5C82B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F5F5342D-B151-430F-83B9-7713CD5B1FA7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F659243F-9F38-436B-991C-E3FF18F36C4E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{F7F7BB0E-BC5C-4C76-9E1A-72FC7E8E8B34}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"TCP Query User{0777912F-4072-4C4A-BF34-610D441E103F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{107CFC61-3AC3-409C-85C4-14A7D4957907}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat |
"TCP Query User{11679891-69C0-4C8C-9D54-66510EE792A9}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{14B5EAB1-0963-455D-AA37-B5CB55867829}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{164E5770-A7DB-43A0-87A5-5E2F53379E97}L:\games\paraworld\bin\pwserver.exe" = protocol=6 | dir=in | app=l:\games\paraworld\bin\pwserver.exe |
"TCP Query User{44B39E04-0363-4C03-83C8-3A9CADD83A00}L:\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=l:\orbitdownloader\orbitnet.exe |
"TCP Query User{45A12F4D-8B6D-480E-876D-545F7D30F1FC}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{66BBF06A-6D29-423D-B381-0E838AC4AECA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{67290B6A-A1D0-4B8B-A9D3-0CD3BEFF69B2}L:\neuer ordner (2)\gmx\messengr.exe" = protocol=6 | dir=in | app=l:\neuer ordner (2)\gmx\messengr.exe |
"TCP Query User{6BDF0EF5-E05D-4CBB-A809-ECF9E2A8ADA0}C:\program files\rockstar games\midnight club ii\mc2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\midnight club ii\mc2.exe |
"TCP Query User{6E82E454-E954-4064-B148-9E55612862AC}L:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=l:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{854E155D-0130-4F39-A22A-4ACE0BF9C1CA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8D310036-63B6-4739-AC06-6F21BE839F8D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{959F2FB6-FC92-4918-81AB-204F6D2240EC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{A401471D-373C-4939-A623-83BC483FF45F}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{D40E4EE2-96A4-46B1-B7BE-D3FEC31587E4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D86261A6-0BB3-411F-BE9F-69CF3E8C4BF7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DB5ECD8B-C8D3-4AFE-A6AE-B50A855B2FED}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F70EA80B-2222-40E1-B2C7-2553C8B7F590}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{F7F17C0F-1428-46AE-B066-E64E5191F52D}C:\gta\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\gta\gtawin\grand theft auto.exe |
"TCP Query User{FD6C5B66-79C9-4159-A5BB-8C78950FF0A0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{05C91808-B535-48A5-A9EA-380F4B5D9446}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{0EA57236-8FAB-4E4A-A97E-76223E579DFF}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{1005EF54-D625-4F3C-B269-02127A0FDAC7}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat |
"UDP Query User{2050BB14-C06E-46C1-A600-BA889FBA4B12}L:\neuer ordner (2)\gmx\messengr.exe" = protocol=17 | dir=in | app=l:\neuer ordner (2)\gmx\messengr.exe |
"UDP Query User{219214A2-E1DB-4860-9F5A-9404E0952C4A}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{39B5ED26-EBF9-44C0-9312-A8CBF4A5369B}C:\gta\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\gta\gtawin\grand theft auto.exe |
"UDP Query User{4A2FF802-1488-400D-99B6-DACF90E3D29E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5B0D44B6-EC3F-4743-B51A-7F91582CC6AB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6FECB068-3B3F-4D75-BB26-9F340BABA020}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{876EB4C3-D90F-4D1C-B7B5-BAF6904890D2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{898821F8-785F-42DA-8ABB-09CDD9DADBD9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8F4BC0A3-24B4-4243-9E02-5E7861B8E183}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{A2AA4F22-42F7-4ED3-9516-EC2C56201C45}L:\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=l:\orbitdownloader\orbitnet.exe |
"UDP Query User{A6AC32C9-CC15-49A9-97B5-25434B1440E0}L:\games\paraworld\bin\pwserver.exe" = protocol=17 | dir=in | app=l:\games\paraworld\bin\pwserver.exe |
"UDP Query User{B6855319-1786-4F63-8388-93783652A8DE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{B6A16752-CBB5-4266-AD1D-AE9CC3BD8437}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{BECF7C42-E19C-4106-9064-6B36299F0E1F}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{D4808876-32CB-470B-AF0F-4762E0FA226F}C:\program files\rockstar games\midnight club ii\mc2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\midnight club ii\mc2.exe |
"UDP Query User{DEAEE97F-AA47-42A3-95B3-53B205C64F90}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FC1875A7-7FEB-4DB1-B6E0-0C29804802F4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{FFB94360-2058-4E68-8468-393692A8D917}L:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=l:\games\splinter_cell_p_t\splinter cell pandora tomorrow\pandora.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1D049523-F355-4848-AB92-0CB5AC9409AF}_is1" = SnowBound Online v2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{B3E919BE-8878-45B8-A095-2A3970F1B324}" = MySQL Server und Clients 4.1.11
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Ant Movie Catalog_is1" = Ant Movie Catalog
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BFGC" = Big Fish Games: Game Manager
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"BurnAware Free_is1" = BurnAware Free 3.0.4
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cradle of Rome" = Cradle of Rome (remove only)
"Der Clou!2" = Der Clou!2
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy HTML To Any Script Converter" = Easy HTML To Any Script Converter
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FL Studio 9" = FL Studio 9
"FlashGet" = FlashGet 1.9.6.1073
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.0
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Get Styles" = Get Styles
"GMX SMS-Manager" = GMX SMS-Manager
"Governor Of Poker en Español" = Governor Of Poker en Español
"Grand Theft Auto" = Grand Theft Auto
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"Handbrake" = Handbrake 0.9.4
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IL Download Manager" = IL Download Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.79 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.144 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MyMDb_0" = MyMDb 3.6
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.7
"PoiZone" = PoiZone
"Poker Superstars II" = Poker Superstars II (remove only)
"PokerStars.net" = PokerStars.net
"PPLive" = PPLive 1.9
"PunkBusterSvc" = PunkBuster Services
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"SearchAnonymizer" = SearchAnonymizer
"Serious Samurize" = Serious Samurize
"Shock 4Way 3D v1.29" = Shock 4Way 3D v1.29
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SopCast" = SopCast 3.2.9
"Space Rangers 2" = 1C Company\Space Rangers 2
"SumatraPDF" = SumatraPDF
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"URLSnooper 2_is1" = URL Snooper v2.17.01
"Veetle TV" = Veetle TV 0.9.17
"Veoh Web Player Beta" = Veoh Web Player
"Videora iPod classic Converter" = Videora iPod classic Converter 5.04
"Videora iPod Converter" = Videora iPod Converter 5
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VobSub" = VobSub v2.23 (Remove Only)
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR
"YouTube Downloader App" = YouTube Downloader App 2.00
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.11.2010 11:00:27 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description =
Error - 17.11.2010 11:12:55 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description =
Error - 17.11.2010 11:13:08 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description =
Error - 17.11.2010 11:17:18 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description =
Error - 17.11.2010 11:17:30 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description =
Error - 17.11.2010 13:13:35 | Computer Name = Lukas-PC | Source = WerSvc | ID = 5007
Description =
Error - 18.11.2010 09:02:43 | Computer Name = Lukas-PC | Source = WerSvc | ID = 5007
Description =
Error - 18.11.2010 09:13:15 | Computer Name = Lukas-PC | Source = VSS | ID = 12289
Description =
Error - 18.11.2010 09:35:07 | Computer Name = Lukas-PC | Source = WerSvc | ID = 5007
Description =
Error - 18.11.2010 12:55:17 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = 372: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
[ System Events ]
Error - 02.05.2010 14:10:51 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 02.05.2010 14:10:58 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 02.05.2010 14:11:05 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 02.05.2010 14:11:12 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 02.05.2010 14:11:19 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 02.05.2010 14:11:26 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 02.05.2010 14:12:42 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 02.05.2010 14:12:46 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 04.05.2010 09:39:14 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 05.05.2010 12:01:32 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
< End of report >
|
|
19.11.2010, 19:04
| #12 |
| | Pc läuft langsam und Antivir zeigt Funde an sry doppelpost |
|
19.11.2010, 20:28
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pc läuft langsam und Antivir zeigt Funde anZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Pc läuft langsam und Antivir zeigt Funde an |
| adobe, antivir, bho, defender, explorer, firefox, hijack, hijackthis, icq, internet, internet explorer, langsam, microsoft, mozilla, pc läuft, pdf, programdata, programm, programme, rundll, server, software, system, virus, vista, warum, windows |
Linear-Darstellung
