| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: wurm.P2P gefunden, was soll ich tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.01.2011, 18:37
| #1 |
 |  wurm.P2P gefunden, was soll ich tun? Also, ich hab mir mal Malewarebytes runtergeladen und sofort nen scan gestartet. Dabei hat mir das programm 2 infizierte dateien angezeigt : Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5590 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 25.01.2011 18:06:23 mbam-log-2011-01-25 (18-06-23).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 136659 Laufzeit: 6 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Desktop SMS (Worm.P2P) -> Value: Desktop SMS -> Delete on reboot. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> Quarantined and deleted successfully. So, nun ist es aber so, dass sich dieser Wurm immer wiederherstellt, sobald ich ihn kill. Was muss man tun, um ihn endgültig wegzuhauen? Schon mal thx für alle Antworten |
|
25.01.2011, 20:56
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  wurm.P2P gefunden, was soll ich tun? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________
__________________ |
|
25.01.2011, 21:01
| #3 |
| | wurm.P2P gefunden, was soll ich tun? jep und zwar vorher noch:
__________________Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 5590 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 25.01.2011 17:41:58 mbam-log-2011-01-25 (17-41-58).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 136463 Laufzeit: 7 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> 4528 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Desktop SMS (Worm.P2P) -> Value: Desktop SMS -> Delete on reboot. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> Quarantined and deleted successfully. hier hat er noch einen infizierten prozess gefunden (Dieser Log entsdand VOR dem obrigen) |
|
25.01.2011, 21:03
| #4 |
| | wurm.P2P gefunden, was soll ich tun? ansonsten keine Geändert von Riad1299 (25.01.2011 um 21:12 Uhr) |
|
25.01.2011, 21:21
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | wurm.P2P gefunden, was soll ich tun?Zitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.01.2011, 21:35
| #6 |
| | wurm.P2P gefunden, was soll ich tun? ich warte jetzt, bis der vollscann durchgelaufen ist. aber ich hab mir ja wie gesagt, erst malewarebytes gezogen, also ich hab ansonsten keine logs mehr. |
|
27.01.2011, 13:58
| #7 |
| | wurm.P2P gefunden, was soll ich tun? das ist...seltsam. jedesmal wenn ich einen vollscann strate, hängt sich der pc nach etwa einer dreiviertelstunde auf. aber KOMPLETT. Selbst die Uhrzeit ist stehengeblieben, und ich musste den stecker ziehen. an was liegt das? |
|
27.01.2011, 14:09
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | wurm.P2P gefunden, was soll ich tun? Ich bin kein Hellseher. Probier den Vollscan im abgesicherten Modus.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.01.2011, 16:41
| #9 |
| | wurm.P2P gefunden, was soll ich tun? hmm. exakt selbes problem. hat sich aufgehängt. ich hab sogar gewartet, ob noch etwas passiert, und am ende hat sich der pc automatisch neugestartet... |
|
27.01.2011, 19:20
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | wurm.P2P gefunden, was soll ich tun? Dann mach erstmal OTL-Logs, probieren wir den Vollscan mit MBAM später nochmal. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.01.2011, 09:36
| #11 |
| | wurm.P2P gefunden, was soll ich tun? so hab ich gemacht, hier ist der ERSTE log von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.01.2011 09:27:34 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mari\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 18,39 Gb Free Space | 19,74% Space Free | Partition Type: NTFS Drive E: | 91,69 Gb Total Space | 80,80 Gb Free Space | 88,13% Space Free | Partition Type: NTFS Drive G: | 3,62 Gb Total Space | 3,43 Gb Free Space | 94,91% Space Free | Partition Type: FAT32 Computer Name: HOLGER-PC | User Name: holger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mari\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\Mari\gamedisk\FirefoxPortable\App\firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Users\Mari\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Users\holger\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Users\Mari\Program Files\DNA\btdna.exe (BitTorrent, Inc.) PRC - C:\Users\Mari\Documents\kr_free_1.2.19_en\KeyRemapper.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Users\Mari\gamedisk\FirefoxPortable\FirefoxPortable.exe (PortableApps.com) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab) PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.) PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Mari\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\scrchpg.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\r3hook.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\Msscript1.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TOSHIBA Bluetooth Service) -- File not found SRV - (LiveUpdate Notice Ex) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Hamachi2Svc) -- C:\Users\Mari\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SearchAnonymizer) -- C:\Users\holger\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION) DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (vsdatant) -- C:\Windows\System32\vsdatant.sys (Zone Labs, LLC) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.01 17:19:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.01 17:19:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Users\Mari\components [2010.01.07 14:22:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Users\Mari\plugins [2009.12.17 14:29:54 | 000,000,000 | ---D | M] [2010.04.28 20:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\holger\AppData\Roaming\mozilla\Extensions [2011.01.01 16:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\holger\AppData\Roaming\mozilla\Firefox\Profiles\26ro77mz.default\extensions [2010.04.28 20:29:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\holger\AppData\Roaming\mozilla\Firefox\Profiles\26ro77mz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.27 20:55:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\holger\AppData\Roaming\mozilla\Firefox\Profiles\26ro77mz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.13 14:01:15 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\holger\AppData\Roaming\mozilla\Firefox\Profiles\26ro77mz.default\extensions\DTToolbar@toolbarnet.com [2010.04.28 21:01:31 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\holger\AppData\Roaming\mozilla\Firefox\Profiles\26ro77mz.default\extensions\firefox@tvunetworks.com [2010.05.13 14:00:30 | 000,002,059 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\daemon-search.xml [2010.12.29 17:56:17 | 000,000,961 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\icqplugin-1.xml [2010.12.08 08:33:44 | 000,000,961 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\icqplugin-2.xml [2010.12.15 08:08:09 | 000,000,961 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\icqplugin-3.xml [2010.06.27 20:55:18 | 000,000,168 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\icqplugin.gif [2010.06.27 20:55:18 | 000,000,618 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\icqplugin.src [2010.06.29 20:41:44 | 000,001,150 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\icqplugin.xml [2010.06.29 20:41:44 | 000,001,058 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\{15FDDC42-C904-4D95-B1DD-C16849F580DE}.xml [2010.06.29 20:41:44 | 000,002,041 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\{206D33AF-D38D-4CFB-9787-CBA403E8F18D}.xml [2010.06.29 20:41:44 | 000,002,486 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\{3E92A994-BC62-4AF9-968F-1E07E8E7DC3A}.xml [2010.06.29 20:41:44 | 000,024,003 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\{747ADC84-525A-489F-A186-A2438908BBBC}.xml [2010.06.29 20:41:44 | 000,001,834 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\{B7865CFF-B49A-4275-9109-FF0A7403EFD8}.xml [2010.06.29 20:41:44 | 000,002,152 | ---- | M] () -- C:\Users\holger\AppData\Roaming\Mozilla\Firefox\Profiles\26ro77mz.default\searchplugins\{E0669353-4002-4229-8536-CE3453041AF0}.xml O1 HOSTS File: ([2007.10.16 17:52:02 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HotKeysCmds] File not found O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] File not found O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Users\Mari\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [Ocs_SM] C:\Users\holger\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [Persistence] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Steam] C:\Valve\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found O13 - gopher Prefix: missing O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\r3hook.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\r3hook.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1996.02.06 13:41:48 | 000,028,458 | ---- | M] () - C:\AUTO.WAV -- [ NTFS ] O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.03.02 10:31:43 | 000,162,880 | ---- | M] () - E:\autorun.exe -- [ NTFS ] O33 - MountPoints2\{ee482216-5ea9-11df-b2f6-001b381b7fae}\Shell - "" = AutoRun O33 - MountPoints2\{ee482216-5ea9-11df-b2f6-001b381b7fae}\Shell\AutoRun\command - "" = Z:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.25 19:35:44 | 000,000,000 | ---D | C] -- C:\Programme\skiguide2011 [2011.01.24 19:27:41 | 000,000,000 | ---D | C] -- C:\Users\holger\AppData\Roaming\Malwarebytes [2011.01.24 19:27:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.24 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.24 19:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.24 19:27:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.24 19:27:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.11 08:31:01 | 000,000,000 | -HSD | C] -- C:\found.003 [2011.01.01 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\holger\AppData\Roaming\Local [2011.01.01 17:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.29 09:28:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CB91375-A4A3-47B6-880C-F9B473A1CE65}.job [2011.01.29 09:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.29 09:23:35 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.29 09:23:35 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.29 08:24:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.01.29 08:23:45 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.29 08:23:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.29 08:22:53 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2011.01.28 23:08:10 | 3130,405,408 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat [2011.01.28 23:08:10 | 041,899,304 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx [2011.01.27 16:27:37 | 390,741,444 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.01.25 19:36:19 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\ADAC SkiGuide DVD 2011.lnk [2011.01.24 19:27:29 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.24 15:36:12 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.01.23 20:15:24 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for holger.job [2011.01.22 20:56:26 | 000,005,117 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2 [2011.01.14 08:18:56 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.10 20:12:26 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.10 20:12:26 | 000,140,352 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.10 20:12:26 | 000,121,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.10 20:12:26 | 000,084,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.02 20:49:57 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2011.01.01 17:19:35 | 000,001,400 | ---- | M] () -- C:\Users\holger\Desktop\DivX Movies.lnk [2011.01.01 17:18:04 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.27 16:27:39 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys [2011.01.25 19:36:19 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\ADAC SkiGuide DVD 2011.lnk [2011.01.24 19:27:29 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.24 15:36:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.01 17:18:28 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.01 17:18:04 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.10.09 18:10:46 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6C6C710F0D.sys [2010.05.13 13:59:16 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.12.04 20:21:42 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\D037FCBD61.sys [2009.12.04 20:21:39 | 000,001,838 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.11.22 20:20:37 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.11.22 20:20:36 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.11.22 20:20:36 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.01.25 14:09:43 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll [2009.01.25 14:09:43 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll [2009.01.05 23:21:35 | 000,000,532 | ---- | C] () -- C:\Windows\muserr.ini [2009.01.05 19:31:59 | 000,002,447 | ---- | C] () -- C:\Windows\musi.ini [2008.12.02 19:24:35 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2008.11.21 20:36:36 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008.11.21 20:36:36 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8F84EDACEC.sys [2008.07.12 12:01:44 | 000,000,018 | ---- | C] () -- C:\Windows\gfact.ini [2008.03.01 19:23:22 | 000,001,100 | ---- | C] () -- C:\Programme\INSTALL.LOG [2008.03.01 19:22:26 | 000,853,424 | ---- | C] () -- C:\Programme\WinPolis.EXE [2008.03.01 19:22:23 | 000,079,248 | ---- | C] () -- C:\Programme\KRANK.WAV [2008.03.01 19:22:23 | 000,075,724 | ---- | C] () -- C:\Programme\POST.WAV [2008.03.01 19:22:23 | 000,062,190 | ---- | C] () -- C:\Programme\SAEGE.WAV [2008.03.01 19:22:23 | 000,061,784 | ---- | C] () -- C:\Programme\URLAUB.WAV [2008.03.01 19:22:23 | 000,055,896 | ---- | C] () -- C:\Programme\TASTATUR.WAV [2008.03.01 19:22:23 | 000,046,303 | ---- | C] () -- C:\Programme\TIMEWAS.MID [2008.03.01 19:22:23 | 000,041,752 | ---- | C] () -- C:\Programme\GELD3.WAV [2008.03.01 19:22:23 | 000,041,586 | ---- | C] () -- C:\Programme\KLAVIER.WAV [2008.03.01 19:22:23 | 000,040,556 | ---- | C] () -- C:\Programme\GELD2.WAV [2008.03.01 19:22:23 | 000,035,570 | ---- | C] () -- C:\Programme\VIDEO.WAV [2008.03.01 19:22:23 | 000,035,362 | ---- | C] () -- C:\Programme\APPLAUS.WAV [2008.03.01 19:22:23 | 000,031,154 | ---- | C] () -- C:\Programme\GELD1.WAV [2008.03.01 19:22:23 | 000,030,290 | ---- | C] () -- C:\Programme\DRUCKER.WAV [2008.03.01 19:22:23 | 000,029,616 | ---- | C] () -- C:\Programme\FRAGEN.TXT [2008.03.01 19:22:23 | 000,028,458 | ---- | C] () -- C:\Programme\AUTO.WAV [2008.03.01 19:22:23 | 000,022,842 | ---- | C] () -- C:\Programme\WUERFEL.WAV [2008.03.01 19:22:23 | 000,022,811 | ---- | C] () -- C:\Programme\QUESTION.TXT [2008.03.01 19:22:23 | 000,021,430 | ---- | C] () -- C:\Programme\FRAGE.WAV [2008.03.01 19:22:23 | 000,019,584 | ---- | C] () -- C:\Programme\MEER.WAV [2008.03.01 19:22:23 | 000,018,402 | ---- | C] () -- C:\Programme\TENNIS.WAV [2008.03.01 19:22:23 | 000,015,150 | ---- | C] () -- C:\Programme\LACHEN.WAV [2008.03.01 19:22:23 | 000,014,054 | ---- | C] () -- C:\Programme\KARTEN.WAV [2008.03.01 19:22:23 | 000,012,612 | ---- | C] () -- C:\Programme\HUND.WAV [2008.03.01 19:22:23 | 000,005,238 | ---- | C] () -- C:\Programme\NIESEN.WAV [2008.02.10 19:07:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.01.05 19:00:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [2008.01.03 18:54:25 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2007.12.22 23:17:24 | 000,018,432 | ---- | C] () -- C:\Users\holger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.19 20:07:36 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2007.10.16 17:52:02 | 000,000,344 | ---- | C] () -- C:\Windows\psnetwork.ini [2007.09.21 19:45:18 | 000,000,016 | -H-- | C] () -- C:\Users\holger\AppData\Roaming\mxfilerelatedcache.mxc2 [2007.09.21 19:45:18 | 000,000,016 | -H-- | C] () -- C:\Users\holger\AppData\Local\mxfilerelatedcache.mxc2 [2007.07.12 09:54:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.07.12 09:45:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.07.12 09:45:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.07.12 09:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.07.12 09:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.07.12 09:45:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.07.12 09:45:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.07.12 09:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007.04.16 10:31:38 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2007.04.16 07:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.04.16 07:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007.04.16 06:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007.04.16 06:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007.04.16 06:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007.04.16 06:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007.04.16 06:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.04.16 05:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll [2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.12.16 15:27:20 | 000,285,696 | ---- | C] () -- C:\Windows\System32\Cncs232.dll < End of report > |
|
29.01.2011, 09:39
| #12 |
| | wurm.P2P gefunden, was soll ich tun? und hier ist der "Extras" Log:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.01.2011 09:27:34 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mari\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 18,39 Gb Free Space | 19,74% Space Free | Partition Type: NTFS
Drive E: | 91,69 Gb Total Space | 80,80 Gb Free Space | 88,13% Space Free | Partition Type: NTFS
Drive G: | 3,62 Gb Total Space | 3,43 Gb Free Space | 94,91% Space Free | Partition Type: FAT32
Computer Name: HOLGER-PC | User Name: holger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- ()
"C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate -- (ppmate)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04739B86-DDD4-418B-A97B-3461768C27B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F14FC59-5171-43E7-960B-4060CF848CB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{328F10BB-6175-4A2B-B928-DEAB96FC8F83}" = lport=137 | protocol=17 | dir=in | app=system |
"{4151F7C5-EAEA-49ED-B1EF-678EA1A28F88}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4A59C12F-2D89-4832-8968-8F6D54D38808}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58E59D42-4C22-488D-8922-659F1A75F4A3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5CC9CF64-D09B-4296-B5AF-0A06BFD0A6CF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5E4D0D48-110D-44A2-AD72-217D6415C162}" = rport=445 | protocol=6 | dir=out | app=system |
"{63CCB6C7-0130-49FC-9F1D-ECE482CD8A26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6500181B-5D28-41ED-96A1-FBBA27F72AD8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6A808FA8-FF59-4767-AE0E-03E2CA5983DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6D848AE4-1F11-45E0-92AA-5F36B63251E6}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C76A149-84F2-451D-ACE0-06E63FCF01A9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7CB594D0-6F6E-45DE-95C4-DF5E84088F72}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D81D40B-4F6F-48BF-8A20-407E5985701D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9B9FC4C2-57FA-47FD-874D-DCA1CCBA7C35}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A7EFF38B-A4E1-4479-A06A-7F31495D045F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A93C451E-9CFB-4A9B-B7EF-39E54D5EA86C}" = lport=139 | protocol=6 | dir=in | app=system |
"{AADCBF04-B02D-4CF6-8DDF-5807580F10A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B54F7021-5CA7-4A3C-89AB-BC7C1482F290}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF240DA3-C4D5-4FFC-8057-7C787DB5CA75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAE97C60-9A6E-4BD8-B6DD-1F321EF2657E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F2508DF9-1A8E-462D-A805-F58B79A729F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6271165-1153-4CF8-8D9B-6A7E16790977}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002032BD-6EF7-4717-9840-A9C5775D83A7}" = protocol=17 | dir=in | app=e:\silk\rappelz\unins000.exe |
"{08DBB0D0-15F9-4FF9-95EB-FA5AE74B64DA}" = protocol=6 | dir=in | app=e:\silk\rappelz\unins000.exe |
"{0CE9A3E2-7AD4-4D8C-9E9B-1E86CBE7EDD8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{1D1005C5-69A8-473F-A4E5-6A17F88A183E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1F8BDFC8-7C82-4975-9119-7C6E920B7634}" = protocol=17 | dir=in | app=e:\silk\rappelz\rappelzconfig.exe |
"{261C1745-F587-4188-B041-05ADE17DF589}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33B1B653-A97A-4546-96FA-DD5844C2F62A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3AEBBA1B-A3A2-4FC7-92E6-ACAEC0556B5C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{41D1BAEA-D8C7-44A4-B7CF-A5AA28A8367C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{53570169-C65C-4AA1-88F5-FCEF3C689CD6}" = protocol=17 | dir=in | app=e:\silk\rappelz\win98supdateutil.exe |
"{60F0934C-EE03-4FF5-840E-45DC36E83D91}" = protocol=6 | dir=in | app=e:\silk\rappelz\rappelzconfig.exe |
"{653B22EB-E58D-49AA-BF35-07F8634D1B1F}" = protocol=6 | dir=in | app=e:\silk\rappelz\win98supdateutil.exe |
"{65B3524F-0A92-429D-8085-40813B8AEF1A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{68F64563-68EC-4F41-B546-60ED55BAE837}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{69627B7B-DD8B-47EA-AADA-2A1672E7349C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{749F4FB1-148A-4286-901E-07495C5B4147}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{763B9FA1-4040-4A5C-A6A7-4B848F342328}" = protocol=6 | dir=in | app=e:\silk\rappelz\sframe.exe |
"{77367F9A-2625-4E75-870B-C8DDB372FFA1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7AE9093C-B993-4499-A3D6-2406F1B172EE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{815978A1-7BF7-40BA-B4D3-B9DBBC234C2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D007E82-6B78-4985-8601-B43AA0203F9A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9E36320A-270F-452D-BD66-EC15241F50E6}" = dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat |
"{A35474C1-07E0-4D5F-966C-2533C03CE0C6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AE5D868C-F50A-4121-B4A8-7B5E046A5F67}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B92FD75A-B6A1-48AA-BA9A-30E16FC20FD2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C0C62E26-D326-484B-B4B3-426B73916DAB}" = protocol=17 | dir=in | app=e:\silk\rappelz\launcher.exe |
"{C0ECEAE3-7BA8-4569-8C5E-D27FF936DDD6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C21C6BD6-CBB5-4035-8447-A627FA6DC1DC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D233A3EC-65FB-4B47-9345-408C2968EECA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D4872F2F-ECF7-4AFB-A6E1-D13095E165E9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D74B29B7-604D-4920-8247-C370B04B105A}" = protocol=6 | dir=in | app=e:\silk\rappelz\launcher.exe |
"{D9336D3F-E4C6-4B87-8374-7A8612E0A45B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE4D8382-42B4-4E6A-9B64-A34C5D0ECC1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E1E0486B-81DF-44D5-A644-CAF5F9586529}" = protocol=17 | dir=in | app=e:\silk\rappelz\sframe.exe |
"{ECFA5479-4E09-4232-A192-DFC08FAF4A74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0106BFBF-7614-4C68-8B7E-6BDA7714F799}E:\diablo2\diablo ii\game.exe" = protocol=6 | dir=in | app=e:\diablo2\diablo ii\game.exe |
"TCP Query User{03C36E11-52FB-4C69-8C43-6B04E514A5A9}C:\desktop\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\desktop\sopcast\sopcast.exe |
"TCP Query User{04C64B85-0CA7-4E82-8A59-3FDA8305DF1F}E:\valve\condition zero\hlds.exe" = protocol=6 | dir=in | app=e:\valve\condition zero\hlds.exe |
"TCP Query User{0513E272-1727-4273-81C7-AC4D6DB28BC6}D:\urbanterror\iourtded.exe" = protocol=6 | dir=in | app=d:\urbanterror\iourtded.exe |
"TCP Query User{0A34DF82-EAC2-465C-A7E9-8E6C823B9974}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{0C0943D0-645E-4385-805F-46FBA01A6BC6}C:\users\mari\appdata\local\temp\gm_ttt_61874\pong3.exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_61874\pong3.exe |
"TCP Query User{146BCB45-9978-47D0-8660-A8C4B01BD001}D:\skype\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\skype\skype\phone\skype.exe |
"TCP Query User{149D0039-D3A7-4B45-920C-E4A74A2E42B8}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1FE46B25-1BAC-4568-9ED7-AD85FE12AE4F}C:\program files\microsoft games\dungeon siege\dungeonsiege.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\dungeon siege\dungeonsiege.exe |
"TCP Query User{2BDA0F58-7145-4A90-8C74-CAC3D22CC018}C:\users\mari\appdata\local\microsoft\windows\temporary internet files\content.ie5\2xi119bg\yuleech-runesofmagic2_0_1_1821-de[1].exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\local\microsoft\windows\temporary internet files\content.ie5\2xi119bg\yuleech-runesofmagic2_0_1_1821-de[1].exe |
"TCP Query User{3E1E0128-FEB0-4D5F-B32D-1A895317E73A}G:\diablo ii lod\diablo ii\game.exe" = protocol=6 | dir=in | app=g:\diablo ii lod\diablo ii\game.exe |
"TCP Query User{482B996D-78CE-4568-9461-C03913B90395}E:\warcraft iii (frozen throne)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii (frozen throne)\warcraft iii\war3.exe |
"TCP Query User{5111509C-2B91-4DAD-AA27-A45C3B24BD21}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{56861FAE-9FB6-42DC-ACD1-5C451AC9B243}E:\valve\condition zero\hltv.exe" = protocol=6 | dir=in | app=e:\valve\condition zero\hltv.exe |
"TCP Query User{58C0466C-5AEE-4531-B738-4EB8EC411819}C:\program files\ppmate\ppmnet.exe" = protocol=6 | dir=in | app=c:\program files\ppmate\ppmnet.exe |
"TCP Query User{653FDA22-7936-4630-9FDE-C2D3CE785B16}C:\users\mari\gamedisk\firefoxportable\app\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\users\mari\gamedisk\firefoxportable\app\firefox\firefox.exe |
"TCP Query User{67B23092-84EC-402A-BC94-187C2A83D7F6}C:\users\mari\saved games\metin2.bin" = protocol=6 | dir=in | app=c:\users\mari\saved games\metin2.bin |
"TCP Query User{6FB07C2B-4378-4E21-B528-2731AE6CD436}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"TCP Query User{72DCA653-0A4D-4997-9AB4-52460D4604FF}C:\users\mari\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=6 | dir=in | app=c:\users\mari\downloads\fogdownloader-rom_2_1_0_1871.exe |
"TCP Query User{7A3AC719-95B9-4DEC-996A-82013D1B0E9D}C:\users\mari\appdata\local\temp\gm_ttt_45478\chat.exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_45478\chat.exe |
"TCP Query User{80EF129F-8F42-4350-AB90-520A430BCDCA}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{84CC25F5-57F9-4493-AD94-2079361AD028}C:\users\mari\desktop\pong.exe" = protocol=6 | dir=in | app=c:\users\mari\desktop\pong.exe |
"TCP Query User{8EE84F5B-3DD7-4B84-9940-652B5290622B}C:\users\mari\appdata\local\temp\gm_ttt_5266\chat.exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_5266\chat.exe |
"TCP Query User{977399FB-85DB-42D5-8AEB-E7914425E218}C:\program files\ea games\command and conquer generäle\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generäle\game.dat |
"TCP Query User{9AE113EB-B461-4628-A477-5651C038CF61}Z:\setup\sof2mp.exe" = protocol=6 | dir=in | app=z:\setup\sof2mp.exe |
"TCP Query User{9E37E718-C1FE-4A62-AFC3-741D106C1C6C}C:\users\mari\appdata\roaming\icq\application\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\roaming\icq\application\icq7.0\icq.exe |
"TCP Query User{A95E729C-CDA3-432C-81CE-A7ADCFEC06A7}C:\users\mari\desktop\alle sachen\pro chat.exe" = protocol=6 | dir=in | app=c:\users\mari\desktop\alle sachen\pro chat.exe |
"TCP Query User{B176EFF5-2F1E-416D-9F8C-2B536DA6FD20}C:\users\mari\appdata\local\temp\gm_ttt_45478\pong3.exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_45478\pong3.exe |
"TCP Query User{B3167E3E-EA95-4EFA-BF85-00466C6E9412}C:\users\mari\westwood\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=c:\users\mari\westwood\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"TCP Query User{B3434632-3972-48C3-B9F4-E87440D2291F}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{BA9BDB44-8A92-4070-98F0-6678F32EAC06}C:\users\mari\appdata\roaming\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\roaming\icq6\icq.exe |
"TCP Query User{C6502D81-7A71-4F4F-8A4B-47CCCC55B74B}C:\users\mari\desktop\alle sachen\alles\desktop\gameboy\desmume.exe" = protocol=6 | dir=in | app=c:\users\mari\desktop\alle sachen\alles\desktop\gameboy\desmume.exe |
"TCP Query User{CA05DC35-B5EC-45A8-B589-2F14236FCEDD}C:\desktop\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\desktop\sopcast\adv\sopadver.exe |
"TCP Query User{D3DF651D-1E4D-459F-9F03-5F40D64B759D}C:\westwood\ar2\game.exe" = protocol=6 | dir=in | app=c:\westwood\ar2\game.exe |
"TCP Query User{DB225BEE-7875-4DF3-9A42-A756EF3BE841}E:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=e:\valve\condition zero\czero.exe |
"TCP Query User{DC0E6ABB-C906-4980-802F-D2A1FCA8B3E3}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{E02C8DB4-5FBE-48D7-A029-6BBA61289FF4}C:\users\mari\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mari\program files\dna\btdna.exe |
"TCP Query User{F189AA3B-D57B-4F1D-A4DB-B316F1BE7FB6}D:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\urbanterror\iourbanterror.exe |
"TCP Query User{F6F11800-7D68-45C3-85D0-2864F1D6CB96}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe |
"TCP Query User{F75CAE90-1769-4D7B-8F18-25DE85A84D31}C:\users\mari\appdata\local\temp\gm_ttt_61874\chat.exe" = protocol=6 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_61874\chat.exe |
"TCP Query User{FF1C37E7-92EE-4070-A101-5F8166A137E8}C:\users\holger\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=6 | dir=in | app=c:\users\holger\downloads\fogdownloader-rom_2_1_6_2049.exe |
"UDP Query User{09A3BC0C-8F7B-4B11-89D7-B085FB553564}C:\program files\ppmate\ppmnet.exe" = protocol=17 | dir=in | app=c:\program files\ppmate\ppmnet.exe |
"UDP Query User{0B772B58-AD58-4041-951F-0B3669611B4D}C:\desktop\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\desktop\sopcast\sopcast.exe |
"UDP Query User{0D90BA59-215B-4CFE-828C-D4314415E07F}G:\diablo ii lod\diablo ii\game.exe" = protocol=17 | dir=in | app=g:\diablo ii lod\diablo ii\game.exe |
"UDP Query User{133DB6BF-B641-421F-96A0-9D27C3D5A19F}E:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=e:\valve\condition zero\czero.exe |
"UDP Query User{145626E4-35D0-47D6-B6A0-D9CF483E34BC}C:\users\mari\desktop\pong.exe" = protocol=17 | dir=in | app=c:\users\mari\desktop\pong.exe |
"UDP Query User{1721A989-8F55-439D-9C85-06A248A982BF}C:\users\mari\appdata\local\microsoft\windows\temporary internet files\content.ie5\2xi119bg\yuleech-runesofmagic2_0_1_1821-de[1].exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\local\microsoft\windows\temporary internet files\content.ie5\2xi119bg\yuleech-runesofmagic2_0_1_1821-de[1].exe |
"UDP Query User{18107BEE-1679-4BF4-AA70-22FBDB4E81CE}C:\users\mari\gamedisk\firefoxportable\app\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\users\mari\gamedisk\firefoxportable\app\firefox\firefox.exe |
"UDP Query User{3AB7AA76-561E-4A94-9172-5316F406EC32}C:\desktop\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\desktop\sopcast\adv\sopadver.exe |
"UDP Query User{3EAD2EF0-B167-47C4-BBBC-C496767B4117}C:\program files\microsoft games\dungeon siege\dungeonsiege.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\dungeon siege\dungeonsiege.exe |
"UDP Query User{41B9D6E5-267D-450A-88CD-B6DC3126B5F1}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{423CF380-31B8-4F64-B57F-811796631436}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe |
"UDP Query User{4D4DB0F6-2B33-4DCC-A6AE-B583144B727B}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{53861317-973E-4B8F-9509-5826B79A7771}C:\users\mari\appdata\local\temp\gm_ttt_61874\chat.exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_61874\chat.exe |
"UDP Query User{55C5EA4C-849C-4E90-8C64-F22ED503FB5B}E:\valve\condition zero\hltv.exe" = protocol=17 | dir=in | app=e:\valve\condition zero\hltv.exe |
"UDP Query User{6066FF64-463A-4E49-BF53-2D1841AAA844}E:\diablo2\diablo ii\game.exe" = protocol=17 | dir=in | app=e:\diablo2\diablo ii\game.exe |
"UDP Query User{607BA87C-BA12-4BCE-905B-C219602DA8E8}Z:\setup\sof2mp.exe" = protocol=17 | dir=in | app=z:\setup\sof2mp.exe |
"UDP Query User{6333E100-CF0C-4DA2-82DB-820588850D61}C:\users\mari\appdata\local\temp\gm_ttt_5266\chat.exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_5266\chat.exe |
"UDP Query User{6578CE24-A1AE-4A09-9FDC-0D41624E18A8}D:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\urbanterror\iourbanterror.exe |
"UDP Query User{6952A915-0FAB-4CD4-9098-C7A28B96F390}C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"UDP Query User{69F44EFD-41A9-4A32-8692-812D8546241D}C:\users\mari\desktop\alle sachen\alles\desktop\gameboy\desmume.exe" = protocol=17 | dir=in | app=c:\users\mari\desktop\alle sachen\alles\desktop\gameboy\desmume.exe |
"UDP Query User{6CBBC742-E1D7-484C-864D-DB00A2D82BB1}E:\warcraft iii (frozen throne)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii (frozen throne)\warcraft iii\war3.exe |
"UDP Query User{70260221-E821-442E-BE1C-F99104A9934E}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{79243AE3-3DA5-45A9-BC9E-6E70AD4C3F03}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{7C6330CA-2278-4E8C-A762-03BD46ECE12F}C:\users\mari\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mari\program files\dna\btdna.exe |
"UDP Query User{82B814B8-EE1E-4C3C-9B5E-F9003BD2BF66}D:\skype\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\skype\skype\phone\skype.exe |
"UDP Query User{861C122D-6BF1-4805-AFB3-819D091EDCE9}C:\users\mari\westwood\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=c:\users\mari\westwood\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"UDP Query User{8BB3CFF5-4FB4-46DC-82BA-7B5C453FE3D9}E:\valve\condition zero\hlds.exe" = protocol=17 | dir=in | app=e:\valve\condition zero\hlds.exe |
"UDP Query User{8E7D7196-44E0-43B2-8B36-806B54F92210}C:\users\mari\desktop\alle sachen\pro chat.exe" = protocol=17 | dir=in | app=c:\users\mari\desktop\alle sachen\pro chat.exe |
"UDP Query User{ABFE5C88-9960-43B4-A4D1-94AD85E49E95}C:\users\mari\appdata\roaming\icq\application\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\roaming\icq\application\icq7.0\icq.exe |
"UDP Query User{ADD99489-510F-46D8-A0CA-C92B0C776720}C:\program files\ea games\command and conquer generäle\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generäle\game.dat |
"UDP Query User{B17A1159-DA27-4BEB-A37B-F8EFB7EB371E}C:\users\mari\appdata\local\temp\gm_ttt_45478\chat.exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_45478\chat.exe |
"UDP Query User{B48A202D-37B2-4E37-ABAF-A68A5A001663}D:\urbanterror\iourtded.exe" = protocol=17 | dir=in | app=d:\urbanterror\iourtded.exe |
"UDP Query User{B9479E14-158F-4D33-956F-DB12A00489A1}C:\users\mari\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=17 | dir=in | app=c:\users\mari\downloads\fogdownloader-rom_2_1_0_1871.exe |
"UDP Query User{BFE3E078-C1E2-40C2-91D3-224FBC300854}C:\users\mari\saved games\metin2.bin" = protocol=17 | dir=in | app=c:\users\mari\saved games\metin2.bin |
"UDP Query User{C421D6F2-1025-4C8D-9A07-178471F5F149}C:\users\mari\appdata\local\temp\gm_ttt_61874\pong3.exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_61874\pong3.exe |
"UDP Query User{C9724653-695C-47D4-BD63-2A45235AA59F}C:\users\mari\appdata\roaming\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\roaming\icq6\icq.exe |
"UDP Query User{D4DC6019-D79C-4A4D-BD5F-B2F64D6BDD6D}C:\westwood\ar2\game.exe" = protocol=17 | dir=in | app=c:\westwood\ar2\game.exe |
"UDP Query User{DBFE272F-6D85-44EC-946B-C10D51A173B1}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{E7D0EA56-CED6-4918-97FB-BA97B4FA10CE}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{EFB6930B-C39B-4374-911E-80AB742776EA}C:\users\mari\appdata\local\temp\gm_ttt_45478\pong3.exe" = protocol=17 | dir=in | app=c:\users\mari\appdata\local\temp\gm_ttt_45478\pong3.exe |
"UDP Query User{F7C4386F-0D49-4D36-BD4D-32C032470A39}C:\users\holger\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=17 | dir=in | app=c:\users\holger\downloads\fogdownloader-rom_2_1_6_2049.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00004EE8-1E8B-BB10-6588-07DF0D120F6B}" = CCC Help Korean
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{02E107FC-1861-FC4A-E80F-07DA9DC5808C}" = Catalyst Control Center Graphics Previews Vista
"{03C55715-3545-2DF8-8C64-2BB877955150}" = Catalyst Control Center Localization Chinese Traditional
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{0755396F-D048-8CDD-6AC3-C7C83A6869B5}" = CCC Help Czech
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08B7B1F9-A8EB-7632-FFC3-04AB5328143B}" = CCC Help Chinese Standard
"{09F52B2B-8B36-130C-5EBD-6E5FFC5FA0B7}" = CCC Help English
"{0E1C53DA-DF86-845A-7BEB-14C4A8E0B150}" = Catalyst Control Center Localization Korean
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{151FFC5F-ADE2-4CC3-AB0B-D9F8EB3FBF7A}" = Wildlife Park 2
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15B924BC-AEB2-7E31-F414-1FC7B385846A}" = CCC Help Greek
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20CFE038-F4CE-0716-DCA0-04BBD67FE5EA}" = CCC Help Turkish
"{2126F5BB-AB90-083F-7AA8-A29D73819DAA}" = CCC Help French
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26E6EA50-532C-8CF3-5EB4-8C8D306EAB58}" = Catalyst Control Center Localization Polish
"{27CD3616-D3B0-834C-89A3-4FC5CEE7374D}" = Catalyst Control Center Graphics Full Existing
"{28912B61-0265-3C33-7EC7-14345AC76E3D}" = CCC Help Hungarian
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2D06C1FE-8454-5663-D0E9-1C130FD96446}" = Catalyst Control Center Localization Norwegian
"{30F9E15A-EE25-6D32-62CE-2E6BEAED3766}" = CCC Help Italian
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{342A19C7-3335-C02F-F1DD-3A0B49C3D047}" = Catalyst Control Center Localization Greek
"{34EF4F67-A3CE-DAB6-FA06-7C4C59A0D462}" = Catalyst Control Center Localization Swedish
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}" = Command & Conquer 3 Tiberium Wars™ Demo
"{3CE22BE4-E2D3-F0E8-1C52-1B5A5F97B876}" = Catalyst Control Center Localization Turkish
"{400F4990-B111-109A-6B08-E80CB42651AA}" = Catalyst Control Center Localization Danish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42E0783D-3BA4-454B-B58A-BF26E49EB7DE}" = Ballance
"{44479884-EB6D-38DA-1D3E-835625E40F7E}" = Catalyst Control Center Graphics Previews Common
"{480CA9F1-17E2-0B15-9684-511C0A083F92}" = Catalyst Control Center Localization Thai
"{4A935817-099C-4E8C-AEA8-1D9F88FBA91C}" = blueMSX
"{4F31172C-2692-BB28-8F5B-86474CEC5D33}" = Catalyst Control Center Localization Chinese Standard
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54AAFB71-6DCB-32EB-8F91-DA7643497ED4}" = Catalyst Control Center Localization Spanish
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5D1CB0EC-0CA2-B4FD-2A10-2503A3CF7E46}" = Catalyst Control Center Localization Italian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFE618D-0100-6DE7-9894-5FD057103871}" = Catalyst Control Center Core Implementation
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63D10FBD-5667-DAD9-0B31-CED873B3F7EF}" = Catalyst Control Center Graphics Light
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7936153F-8D09-BC11-6DC4-1D4DEAB9D680}" = CCC Help Thai
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{816B8A02-76F0-AE47-E28F-0AD114CC261E}" = CCC Help Polish
"{82AB4F83-BBBA-8F04-EE34-11F74E39A4B6}" = Catalyst Control Center Localization German
"{83055630-E15A-11D8-9E00-0004769EEFEB}" = Hitblock
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Insel 2
"{86158699-F584-0DC9-119D-C5A6591090FB}" = CCC Help Chinese Traditional
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz_DE
"{920E3F1A-0B73-807D-EE0E-E6D89D4E5DDE}" = Catalyst Control Center Localization Dutch
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{985AF15E-776F-3CDD-EB92-2DAFF02697FB}" = Skins
"{98CE747E-4948-10B0-BBF0-5981A11114D1}" = Catalyst Control Center Localization Hungarian
"{99F54171-AE4A-579B-1544-5870478FC8F7}" = Catalyst Control Center Graphics Full New
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1BAD23B-748C-50FD-CCA9-956C3F54D138}" = CCC Help German
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA08E8D8-2D52-4996-9E4B-AFD95A91E61F}" = 3D Gamemaker Demo
"{ABD82299-8034-4B44-4FDB-3F8971C20575}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{ACE07E37-A416-9A6B-D352-C776FFA49493}" = CCC Help Spanish
"{B2AEC44B-F926-773D-D028-77CADEF8D9D3}" = CCC Help Norwegian
"{B537ACDB-7C56-83B6-034C-A5AF6400F789}" = CCC Help Swedish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8AB4511-EECC-9299-45B3-F25F4774F6F2}" = CCC Help Russian
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD75C1A0-F0ED-B54A-B49C-3244B47BA803}" = ccc-utility
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C6317675-96CC-D2AE-40F2-698F3DED64B4}" = CCC Help Portuguese
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE
"{C7FAEA9E-A14C-D8C9-EEE9-8D43F9E09565}" = Catalyst Control Center Localization Czech
"{CC35C434-FFC8-BDD8-44F0-ED0972484C56}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D646CA8B-5227-1598-5E9C-132B2D89A38D}" = Catalyst Control Center Localization Japanese
"{D8E302CB-8517-3E9B-C6C9-E90A21C6EFC5}" = CCC Help Danish
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E04D74CB-CF0B-46BA-942E-76B926336352}" = MatchWare Mediator 9
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E95FEA31-034D-42D0-8ED6-44D7F838BA6E}" = SpongeBob Schwammkopf - Schlacht um Bikini Bottom
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BB634D-B374-A329-EE5D-22C279F92A7F}" = ccc-core-static
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C1426C-6670-4068-6398-EB490D45979F}" = Catalyst Control Center Localization Portuguese
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F8B5B814-A3BF-F83F-09ED-AED9EE88211A}" = Catalyst Control Center Localization French
"{F927176F-F8F0-FACF-A57E-4F95714B6F00}" = Catalyst Control Center Localization Russian
"{FA7BB878-FC13-7548-13D3-18A53381014D}" = CCC Help Japanese
"{FB56EE4D-7CBC-6FDC-E336-52BD269E4CF6}" = Catalyst Control Center Localization Finnish
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adventure Maker v4.4.0_is1" = Adventure Maker v4.4.0 (build1)
"Alex the Allegator 4_is1" = Alex4 v1.0
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"ANSTOSS 2" = ANSTOSS 2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CABAL Online_is1" = CABAL Online
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 2.2
"DungeonSiege 1.0" = Dungeon Siege
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Gamestudio A7" = Gamestudio A7
"Google Chrome" = Google Chrome
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"Gubble 2" = Gubb
"ICQLite" = ICQ 5.1
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"IDK - Inseln Des Krieges" = IDK - Inseln Des Krieges
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Monopolie_is1" = Monopolie 0.9.7
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"myphotobook" = myphotobook 3.1
"Neffy" = Neffy 1,3,29,0
"New LEGO Digital Designer" = LEGO Digital Designer
"NSS" = Norton Security Scan
"Octava SD4" = Octava SD4
"Paintball2" = Paintball2 Alpha build 23
"Perpetuum" = Perpetuum
"PhotoStitch" = Canon Utilities PhotoStitch
"POKéGAME32" = POKéMON Simulator 4.5
"ppmate" = PPMate Network TV 2.0.0.40
"PressAKey" = PressAKey (Bläul.de - Startseite)
"ProInst" = Intel(R) PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"RollerCoaster Tycoon Setup" = Roll
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPG Maker 95+ (Translated by Don Miguel)" = RPG Maker 95+ (Translated by Don Miguel)
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold!
"SearchAnonymizer" = SearchAnonymizer
"Sobo-CAD für AutoCAD 2009" = Sobo-CAD für AutoCAD 2009
"Software Informer_is1" = Software Informer 1.0 BETA
"SopCast" = SopCast 3.2.9
"Steam" = Steam
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The I of the Dragon" = The I of the Dragon
"TomTom HOME" = TomTom HOME 2.7.5.2014
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.0.0
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"Warlords Battlecry II" = Warlords Battlecry II
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.01.2011 05:29:56 | Computer Name = holger-PC | Source = WerSvc | ID = 5007
Description =
Error - 27.01.2011 10:35:27 | Computer Name = holger-PC | Source = EventSystem | ID = 4609
Description =
Error - 27.01.2011 14:31:55 | Computer Name = holger-PC | Source = WerSvc | ID = 5007
Description =
Error - 28.01.2011 03:00:27 | Computer Name = holger-PC | Source = WinDefendRtp | ID = 3003
Description = Vom %%827-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt.
Er konnte daraufhin nicht gestartet werden. Benutzer: holger-PC\holger Prüfpunkt-ID:
7 Fehlercode: 0x80070020 Fehlerbeschreibung: Der Prozess kann nicht auf die Datei
zugreifen, da sie von einem anderen Prozess verwendet wird.
Error - 28.01.2011 03:24:42 | Computer Name = holger-PC | Source = EventSystem | ID = 4621
Description =
Error - 28.01.2011 06:29:15 | Computer Name = holger-PC | Source = WerSvc | ID = 5007
Description =
Error - 28.01.2011 14:57:29 | Computer Name = holger-PC | Source = WerSvc | ID = 5007
Description =
Error - 28.01.2011 18:07:21 | Computer Name = holger-PC | Source = EventSystem | ID = 4621
Description =
Error - 29.01.2011 03:26:58 | Computer Name = holger-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 29.01.2011 04:23:35 | Computer Name = holger-PC | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 28.01.2011 14:00:11 | Computer Name = holger-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 28.01.2011 14:03:45 | Computer Name = holger-PC | Source = DCOM | ID = 10000
Description =
Error - 28.01.2011 18:07:20 | Computer Name = holger-PC | Source = DCOM | ID = 10010
Description =
Error - 29.01.2011 03:22:57 | Computer Name = holger-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 29.01.2011 03:22:57 | Computer Name = holger-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 29.01.2011 03:22:57 | Computer Name = holger-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 29.01.2011 03:25:10 | Computer Name = holger-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29.01.2011 03:25:10 | Computer Name = holger-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29.01.2011 03:28:14 | Computer Name = holger-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29.01.2011 03:28:44 | Computer Name = holger-PC | Source = DCOM | ID = 10000
Description =
< End of report >
|
|
30.01.2011, 13:28
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | wurm.P2P gefunden, was soll ich tun? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1996.02.06 13:41:48 | 000,028,458 | ---- | M] () - C:\AUTO.WAV -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.03.02 10:31:43 | 000,162,880 | ---- | M] () - E:\autorun.exe -- [ NTFS ]
O33 - MountPoints2\{ee482216-5ea9-11df-b2f6-001b381b7fae}\Shell - "" = AutoRun
O33 - MountPoints2\{ee482216-5ea9-11df-b2f6-001b381b7fae}\Shell\AutoRun\command - "" = Z:\Autorun.exe
[2011.01.11 08:31:01 | 000,000,000 | -HSD | C] -- C:\found.003
[2010.10.09 18:10:46 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6C6C710F0D.sys
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2011, 13:28
| #14 |
| | wurm.P2P gefunden, was soll ich tun? also erstmal, ich war im skiurlaub, und danach hab ich ganz vergessen, dass ich noch dieses problem hatte. also, ich habe getan was du gepostet hast, es ging alles gut, bis auf die tatsache, dass ich kein logfile erhalten habe. nach dem scan hab ich auf OK geklickt, und der rechner hat sich neugestartet, dann war nichts mehr. kein logfile, hab ich was falsch gemacht? |
|
13.03.2011, 14:26
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | wurm.P2P gefunden, was soll ich tun? Schau bitte im Ordner C:\_OTL nach, am besten diesen kompletten Ordner bei uns hochladen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu wurm.P2P gefunden, was soll ich tun? |
| 2 infizierte dateien, angezeigt, anti-malware, antworten, bösartige, dateien, desktop, endgültig, explorer, files, gefunde, infizierte, infizierte dateien, local, microsoft, minute, programm, scan, sms, sobald, sofort, software, value, version, verzeichnisse, virus, wiederherstell, worm.p2p, worte, wurm, wurm.p2p |
