| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.01.2011, 20:04
| #1 |
 |  TR/Crypt.XPACK.Gen Hallo, Bin leider auf dem Gebiet Viren ein ziemlicher Neuling und habe mir seit Gestern scheinbar so ein Teil eingefangen. Antivir erkennt bei mir folgende Datei als schädliche Malware oben genannter Bezeichnung: C:\ProgramData\wietulopto.tmp Wenn ich auf "Delete" gehe, erscheint die Meldung wenige Sekunden später sofort wieder. Ich habe bereits nach dem Virus gegoogelt, aber keine richtig funktionsfähige Lösung gefunden. Auf meinem PC hat sich bisher noch nichts bemerkbar gemacht, außer dass mich die ständige Meldung ziemlich beim Arbeiten nervt. Wisst ihr Rat? Besten Dank im Voraus! |
|
11.01.2011, 20:51
| #2 |
| /// Helfer-Team  | TR/Crypt.XPACK.Gen Hallo Desolation und Willkommen am Trojaner Board!
__________________Vorweg ein paar Hinweise (Bitte beachten!):
Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung: 1.) Avira Antivir - Was wurde gefunden? Damit wir uns die Funde deines Antivirenprogrammes mal genau ansehen können, gehe bitte wie folgt vor:
2.) Dateiüberprüfung auf Virustotal Besuche Virustotal Suche dort folgende Datei und lade sie über den Button "Send file" hoch. Code:
ATTFilter C:\ProgramData\wietulopto.tmp
Wenn die Datei nicht zu finden ist, sag mir bitte Bescheid. 3.) Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
__________________ |
|
11.01.2011, 21:14
| #3 |
| | TR/Crypt.XPACK.Gen Also Schritt zwei funktioniert nicht, wenn ich die Datei hochladen will, kommt: Sie haben keine Berechtigung die Datei auszuführen.
__________________Den Rest habe ich gemacht. Schonmal Danke. |
|
11.01.2011, 21:42
| #4 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen Sorry, bitte poste die Logs direkt in den Thread, das macht mir die Auswertung einfacher 
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte!  |
|
11.01.2011, 22:00
| #5 |
| | TR/Crypt.XPACK.Gen Exported events: 11.01.2011 20:56 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\ProgramData\wietulopto.tmp. Action performed: Deny access 11.01.2011 20:56 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\ProgramData\wietulopto.tmp. Action performed: Deny access 11.01.2011 20:56 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\ProgramData\wietulopto.tmp. Action performed: Deny access 11.01.2011 20:56 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\ProgramData\wietulopto.tmp. Action performed: Deny access 11.01.2011 20:56 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\ProgramData\wietulopto.tmp. Action performed: Deny access 11.01.2011 20:56 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\ProgramData\wietulopto.tmp. Action performed: Deny access 11.01.2011 20:56 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\ProgramData\wietulopto.tmp. Action performed: Deny access ...und tausendfach so weiter... ----------------------------------------------------------OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.01.2011 21:00:48 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 569,15 Gb Free Space | 61,10% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (SafeList) ========== MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.10.20 18:45:30 | 001,857,838 | -H-- | M] () [Auto | Stopped] -- C:\ProgramData\wietulopto.dat -- (SENS) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)" FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc" FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.4.15 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 19:45:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M] [2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2011.01.11 07:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.27 15:22:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.08.25 09:23:09 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\illimitux@illimitux.net [2010.05.27 15:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\staged-xpis [2011.01.11 17:14:46 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml [2011.01.11 17:14:46 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml [2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.02.25 19:41:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.02.25 19:41:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\wietulopto.tmp) - C:\ProgramData\wietulopto.tmp () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\ProgramData\wietulopto.dat () O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\Shell - "" = AutoRun O33 - MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.11 20:59:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.11 20:40:53 | 000,000,000 | ---D | C] -- C:\avrescue [2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira [2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.12.19 16:20:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Rock The Nation 2010 [2010.12.15 11:16:07 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.15 11:16:07 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.15 11:16:07 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.15 11:16:05 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.15 11:16:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.15 11:16:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.15 11:15:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.15 11:15:54 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.15 11:15:53 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.15 11:15:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.15 11:15:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.15 11:15:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.12.15 11:15:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.12.15 11:15:53 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.15 11:15:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.12.15 11:15:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.15 11:15:52 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.15 11:15:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.15 11:15:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 20:57:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.11 20:57:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.11 20:54:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ecfqsq.sys [2011.01.11 19:04:36 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.11 19:04:27 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.11 18:57:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.11 18:57:25 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys [2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.11 17:06:29 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job [2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 22:58:19 | 000,066,560 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.09 16:22:39 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.09 16:22:39 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.09 16:22:39 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.09 16:22:39 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.09 12:21:45 | 000,000,680 | ---- | M] () -- C:\Users\Patrick\AppData\Local\d3d9caps.dat [2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.17 11:33:18 | 000,320,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.15 12:30:00 | 000,037,376 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc [2010.12.13 17:45:43 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Hellveto - Wiara, nadzieja..., potepienie.doc [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.11 20:54:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ecfqsq.sys [2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc [2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc [2010.12.18 21:38:34 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc [2010.12.13 17:45:43 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Hellveto - Wiara, nadzieja..., potepienie.doc [2010.10.20 18:45:30 | 001,857,838 | -H-- | C] () -- C:\ProgramData\wietulopto.dat [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi [2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.04.27 11:38:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm [2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.28 12:05:41 | 000,066,560 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.12.24 20:08:45 | 000,000,680 | ---- | C] () -- C:\Users\Patrick\AppData\Local\d3d9caps.dat [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.# [2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC [2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado [2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports [2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo [2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2 [2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools [2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro [2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla [2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0 [2011.01.11 19:03:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ [2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn [2010.12.28 22:30:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\kikin [2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech [2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics [2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda [2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream [2011.01.07 01:21:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV [2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws [2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee [2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp [2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent [2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft [2011.01.11 18:57:38 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.11 17:06:29 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job ========== Purity Check ========== < End of report > -------------------------------------------------------------OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.01.2011 21:00:48 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 569,15 Gb Free Space | 61,10% Space Free | Partition Type: NTFS
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system |
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system |
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system |
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe |
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe |
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe |
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe |
"UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin Plugin (NO23 Edition) 2.0
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.1.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.6.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Hamachi" = Hamachi 1.0.1.5
"Hospital" = Theme Hospital
"ImgBurn" = ImgBurn
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RayV" = RayV
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SopCast" = SopCast 3.0.3
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TV Sponsoren 2007" = TV Sponsoren 2007
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"UUSEE" = UUSee ÍøÂçµçÊÓ [4.8.307.11]
"UUSEE_base" = UUSee ²¥·Å²å¼þ»ù´¡°ü 4.8.306.18
"VLC media player" = VLC media player 1.0.5
"Vtune_is1" = Vtune 6.6
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V7" = Skat-Online V7
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.02.2010 19:14:24 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm GTA2.EXE, Version 9.6.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 7a4 Anfangszeit: 01cab34b87ee2804 Zeitpunkt der Beendigung:
0
Error - 21.02.2010 19:14:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm GTA2.EXE, Version 9.6.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 49c Anfangszeit: 01cab34b9bed6b44 Zeitpunkt der Beendigung:
0
Error - 21.02.2010 20:04:39 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.9.8.1, Zeitstempel 0x493a8cbd,
fehlerhaftes Modul libdvdnav_plugin.dll, Version 0.0.0.0, Zeitstempel 0x493a92d3,
Ausnahmecode 0xc0000005, Fehleroffset 0x000100f8, Prozess-ID 0x880, Anwendungsstartzeit
01cab3529b8f1e5c.
Error - 22.02.2010 11:49:54 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.02.2010 13:23:26 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.02.2010 06:50:51 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2010 07:19:37 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2010 07:44:45 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2010 07:23:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:58:46 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.01.2011 13:59:47 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7032
Description =
Error - 11.01.2011 14:00:06 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
|
|
11.01.2011, 23:08
| #6 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen Da wirst du ja richtig schlimm genervt...  1.) Deinstallation von Software
Deinstalliere bitte jede Software aus dieser Liste, die vorhanden ist. ------------ Worum handelt es sich bei diesen Programmen? Code:
ATTFilter UUSEE & UUSEE_base
Ich sehe außerdem, dass du Malwarebytes installiert hast. Poste mir bitte alle Logfiles, die du bisher damit erstellt hast_ Malwarebytes starten -> Reiter Logdateien -> Poste alle dort vorhandenen Logs in Codetags (Schreibe vor das Log [Code] und hinter das Log [/Code]. Achte auf das "/" !) 2.) Fixen mit OTL
3.) Einstellungen prüfen Stelle sicher, dass bei dir alle Ordner und Dateien angezeigt werden:
4.) Dateiüberprüfung auf Virustotal Besuche Virustotal Suche dort folgende Datei und lade sie über den Button "Send file" hoch. Code:
ATTFilter C:\Windows\System32\drivers\ecfqsq.sys
Wenn die Datei nicht zu finden ist, sag mir bitte Bescheid. 5.) Rootkitscan mit Gmer Was sind Rootkits? Wichtig: Bei jedem Rootkit-Scans soll/en:
Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Nun das Logfile in Code-Tags posten. 6.) Erneuter Systemscan mit OTL
Poste bitte in deiner nächsten Antwort:
__________________ --> TR/Crypt.XPACK.Gen |
|
12.01.2011, 19:26
| #7 |
| | TR/Crypt.XPACK.Gen Bis Zum Löschen des "Viruses" hat alles geklappt. Hier sind die Logfiles: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5505
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
11.01.2011 20:50:44
mbam-log-2011-01-11 (20-50-44).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140525
Laufzeit: 6 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Patrick\AppData\Local\Temp\e.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
Code:
ATTFilter All processes killed
========== OTL ==========
Service SENS stopped successfully!
Service SENS deleted successfully!
C:\ProgramData\wietulopto.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\wietulopto.tmp deleted successfully.
C:\ProgramData\wietulopto.tmp moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0817f99b-d20c-11dd-ad09-002185338359}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0817f99b-d20c-11dd-ad09-002185338359}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0817f99b-d20c-11dd-ad09-002185338359}\ not found.
File K:\Autorun.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\Patrick\AppData\Local\d3d9caps.dat moved successfully.
File C:\ProgramData\wietulopto.dat not found.
C:\Windows\System32\AVSredirect.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Patrick
->Temp folder emptied: 3884294792 bytes
->Temporary Internet Files folder emptied: 132676165 bytes
->Java cache emptied: 106541041 bytes
->FireFox cache emptied: 56119006 bytes
->Google Chrome cache emptied: 6415900 bytes
->Flash cache emptied: 1795 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 1311160505 bytes
RecycleBin emptied: 608562 bytes
Total Files Cleaned = 5.243,00 mb
OTL by OldTimer - Version 3.2.20.1 log created on 01112011_232513
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Trotzdem schonmal Vielen Vielen Dank! |
|
12.01.2011, 19:34
| #8 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen Hey, in Schritt 1 ist noch eine Frage, die du noch beantworten musst. Ausserdem solltest du mir bitte zu jedem Schritt eine kurze Rückmeldung geben, ob du alles erledigt hast. Die Einstellungen zum Sichtbarmachen aller Dateien, Ordner und Dateiendungen hast du richtig gesetzt bevor du die Datei hochladen wolltest? Zu Avira: Rechtsklick auf den roten Aviraschirm in der Taskleiste, dann den Haken entfernen bei "Antivir Guard aktivieren". Der Schirm sollte sich dann schliessen.
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
12.01.2011, 19:45
| #9 |
| | TR/Crypt.XPACK.Gen Achso, die Programme, entschuldige. Dabei handelt es sich um soetwas wie SopCast, womit man ausländische (vornehmlich chinesische) Fernsehsender empfangen kann. Wie gesagt, bis zum Schritt mit VirusTotal hat alles funktioniert, habe die Dateien auch sichtbar gemacht, aber die von Dir angegebene ist leider nicht dabei. |
|
12.01.2011, 19:48
| #10 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen Okay, dann kannst du mit dem Gmerscan weiter machen
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
12.01.2011, 20:12
| #11 |
| | TR/Crypt.XPACK.Gen Hmm, hab das jetzt noch 2x probiert, bekomme jedes Mal einen Bluescreen und mein PC stürzt ab. |
|
12.01.2011, 20:31
| #12 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen Okay, das kommt bei GMER schon mal vor, mach dann mit der Anleitung weiter.
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
12.01.2011, 21:17
| #13 |
| | TR/Crypt.XPACK.Gen OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.01.2011 21:08:33 - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 571,46 Gb Free Space | 61,35% Space Free | Partition Type: NTFS
Drive E: | 37,26 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system |
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system |
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system |
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe |
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe |
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe |
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe |
"UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.1.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.6.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Hamachi" = Hamachi 1.0.1.5
"Hospital" = Theme Hospital
"ImgBurn" = ImgBurn
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RayV" = RayV
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SopCast" = SopCast 3.0.3
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TV Sponsoren 2007" = TV Sponsoren 2007
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VLC media player" = VLC media player 1.0.5
"Vtune_is1" = Vtune 6.6
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V7" = Skat-Online V7
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.02.2010 07:23:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1020 Anfangszeit: 01cab6e7fe4ce69f Zeitpunkt der Beendigung:
6
Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: e64 Anfangszeit: 01cab6e80eda6b4f Zeitpunkt der Beendigung:
2
Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.01.2011 14:57:36 | Computer Name = Patrick-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2011 um 19:56:12 unerwartet heruntergefahren.
Error - 12.01.2011 14:57:37 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description =
Error - 12.01.2011 14:58:53 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12.01.2011 14:58:53 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 12.01.2011 15:00:05 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 12.01.2011 15:03:19 | Computer Name = Patrick-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.01.2011 um 20:01:31 unerwartet heruntergefahren.
Error - 12.01.2011 15:03:29 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description =
Error - 12.01.2011 15:04:38 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 12.01.2011 15:04:52 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12.01.2011 15:04:52 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.01.2011 21:08:33 - Run 2 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 571,46 Gb Free Space | 61,35% Space Free | Partition Type: NTFS Drive E: | 37,26 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.12 17:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winamp.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe PRC - [2009.09.03 22:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:59 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (SafeList) ========== MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)" FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc" FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.11 23:20:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M] [2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2011.01.12 15:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.27 15:22:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\illimitux@illimitux.net [2010.05.27 15:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\staged-xpis [2011.01.11 17:14:46 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml [2011.01.11 17:14:46 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml [2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\progra~2\wietulopto.dat File not found O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.11.20 20:12:37 | 000,000,000 | ---D | M] - E:\Autopsy -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 23:18:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google [2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira [2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.12.19 16:20:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Rock The Nation 2010 [2010.12.15 11:16:07 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.15 11:16:07 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.15 11:16:07 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.15 11:16:05 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.15 11:16:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.15 11:16:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.15 11:15:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.15 11:15:54 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.15 11:15:53 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.15 11:15:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.15 11:15:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.15 11:15:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.12.15 11:15:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.12.15 11:15:53 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.15 11:15:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.12.15 11:15:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.15 11:15:52 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.15 11:15:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.15 11:15:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll ========== Files - Modified Within 30 Days ========== [2011.01.12 20:45:16 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.12 20:45:16 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.12 20:45:16 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.12 20:45:16 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.12 20:03:31 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.12 20:03:31 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.12 20:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.12 20:03:15 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys [2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.01.12 19:28:54 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.12 19:28:45 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe [2011.01.12 17:36:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job [2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 22:58:19 | 000,066,560 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.17 11:33:18 | 000,320,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.15 12:30:00 | 000,037,376 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc ========== Files Created - No Company Name ========== [2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe [2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc [2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc [2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc [2010.12.18 21:38:34 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi [2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm [2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.28 12:05:41 | 000,066,560 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.# [2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC [2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado [2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports [2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo [2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2 [2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools [2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro [2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla [2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0 [2011.01.12 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ [2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn [2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech [2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics [2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda [2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream [2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV [2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws [2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee [2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp [2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent [2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft [2011.01.11 23:57:02 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.12 17:36:21 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job ========== Purity Check ========== < End of report > |
|
12.01.2011, 22:28
| #14 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen 1.) Fixen mit OTL
2.) MBRCheck Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
14.01.2011, 21:04
| #15 |
| | TR/Crypt.XPACK.Gen Dauert dieses Mal leider ein wenig länger, da ich gerade extrem viel zu tun habe. |
|
| Themen zu TR/Crypt.XPACK.Gen |
| antivir, arbeiten, bereits, datei, erkennt, erscheint, folge, folgende, funktionsfähige, gestern, lösung, malware, meldung, neuling, nichts, programdata, richtig, schei, schädliche, sekunden, sofort, ständige, tr/crypt.xpack.ge, tr/crypt.xpack.gen, viren, virus, wenige |
Linear-Darstellung
