Skillcaps | 23.12.2011 14:36 | Hey. So the problem is the slightly transparent black screen with the message 'Your system has been blocked due to [...]' and the button prompting me to hand over a 50 euro code.
The OTL scan is this one:
OTL Logfile: Code:
OTL logfile created on: 23.12.2011 11:45:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gast\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,37% Memory free
4,22 Gb Paging File | 2,91 Gb Available in Paging File | 68,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,91 Gb Total Space | 190,96 Gb Free Space | 41,70% Space Free | Partition Type: NTFS
Drive D: | 7,84 Gb Total Space | 1,01 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Drive J: | 1,89 Gb Total Space | 1,71 Gb Free Space | 90,40% Space Free | Partition Type: FAT
Computer Name: MRSKILLCAP | User Name: Mr. Skillcap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gast\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\ezntsvc.exe (EasyBits Software Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\LevelOne\Common\RaUI.exe (Digital Data Communication Co., Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LevelOne\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\LevelOne\Common\RaWLAPI.dll ()
========== Win32 Services (SafeList) ==========
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ezntsvc) -- C:\Windows\System32\ezntsvc.exe (EasyBits Software Corp.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (RalinkRegistryWriter) -- C:\Programme\LevelOne\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.11 17:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 17:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 17:49:20 | 000,000,000 | ---D | M]
[2010.03.10 14:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Extensions
[2011.11.08 20:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions
[2010.08.09 21:16:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.16 19:45:29 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2010.11.13 12:09:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.18 23:06:11 | 000,000,950 | ---- | M] () -- C:\Users\Mr. Skillcap\AppData\Roaming\Mozilla\Firefox\Profiles\0hw262xl.default\searchplugins\icqplugin.xml
[2011.11.11 17:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 23:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.11 17:47:21 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\MR. SKILLCAP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HW262XL.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011.11.11 17:20:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.16 18:53:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 18:53:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.16 18:53:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 18:53:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 18:53:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 18:53:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mr. Skillcap\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [netset] C:\Windows\System32\netset.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{6FE23060-2A0C-11DF-BBB3-806E6F6E6963}] C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mr. Skillcap\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4397ED6-AA97-4F12-90AE-9F9025E1372F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) -C:\Windows\System32\ezShellStart.exe (EasyBits Software Corp.)
O24 - Desktop WallPaper: C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.07 18:52:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0860ab65-2a1f-11df-930f-001bfca45beb}\Shell - "" = AutoRun
O33 - MountPoints2\{0860ab65-2a1f-11df-930f-001bfca45beb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.12.23 11:49:47 | 000,000,000 | ---D | C] -- C:\7e0b890e2f865f5e484d68faa58f48
[2011.12.23 11:35:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.23 11:35:08 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\AppData\Roaming\Malwarebytes
[2011.12.23 11:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.23 11:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.23 11:34:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.23 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.15 14:37:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.12.15 14:16:50 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011.12.07 23:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.12.07 23:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.12.07 23:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.12.07 22:58:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.12.07 22:57:56 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011.12.07 22:57:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011.12.07 22:57:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.12.07 22:57:35 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.12.07 22:57:33 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.12.06 21:00:47 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\Desktop\We Eat Fat Kids
[2011.12.06 20:55:11 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.28 20:33:57 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\AppData\Roaming\.minecraft
[2011.11.28 14:21:36 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\Desktop\Aufnahmen ohne Drums
========== Files - Modified Within 30 Days ==========
[2011.12.23 11:38:37 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.23 11:34:58 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.23 11:31:24 | 000,693,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.23 11:31:24 | 000,654,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.23 11:31:24 | 000,137,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.23 11:31:24 | 000,120,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.23 11:25:49 | 000,111,008 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.23 11:25:48 | 000,111,008 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.23 11:25:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.23 11:25:46 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2011.12.23 11:25:42 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 11:25:42 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 11:25:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.23 11:25:31 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.22 23:03:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.22 22:40:39 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.12.15 21:05:59 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.12.15 14:16:50 | 000,000,312 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\Curse Client.appref-ms
[2011.12.08 17:22:38 | 000,000,871 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\Crysis2 - Verknüpfung.lnk
[2011.12.06 20:55:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.04 16:33:53 | 000,020,992 | ---- | M] () -- C:\Users\Mr. Skillcap\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.30 17:38:35 | 000,000,600 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\24.November - Verknüpfung.lnk
[2011.11.27 12:28:40 | 000,000,581 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\Pathetic - Verknüpfung.lnk
========== Files Created - No Company Name ==========
[2011.12.23 11:34:58 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.22 22:39:30 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.08 17:22:38 | 000,000,871 | ---- | C] () -- C:\Users\Mr. Skillcap\Desktop\Crysis2 - Verknüpfung.lnk
[2011.11.30 17:38:35 | 000,000,600 | ---- | C] () -- C:\Users\Mr. Skillcap\Desktop\24.November - Verknüpfung.lnk
[2011.11.27 12:28:40 | 000,000,581 | ---- | C] () -- C:\Users\Mr. Skillcap\Desktop\Pathetic - Verknüpfung.lnk
[2011.11.12 14:17:33 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.10.30 12:31:43 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2011.06.11 11:20:53 | 000,140,624 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.06.11 11:20:47 | 000,266,752 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.06.11 11:20:32 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.04 21:11:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.22 19:07:45 | 000,020,992 | ---- | C] () -- C:\Users\Mr. Skillcap\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.26 19:05:31 | 000,008,836 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2010.03.09 17:29:23 | 000,111,008 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.09 17:23:23 | 000,111,008 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.03.08 03:07:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.03.08 03:07:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.03.08 03:07:31 | 000,693,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.03.08 03:07:31 | 000,137,740 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.03.07 20:31:51 | 000,000,680 | ---- | C] () -- C:\Users\Mr. Skillcap\AppData\Local\d3d9caps.dat
[2010.03.07 18:43:21 | 000,111,129 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010.03.07 18:27:23 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2010.03.07 18:23:47 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2010.03.07 18:23:47 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007.03.06 09:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.01.12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.01.12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,435,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,654,402 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,120,738 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
< End of report > --- --- ---
Extras file:
OTL Logfile: Code:
OTL Extras logfile created on: 23.12.2011 11:45:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gast\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,37% Memory free
4,22 Gb Paging File | 2,91 Gb Available in Paging File | 68,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,91 Gb Total Space | 190,96 Gb Free Space | 41,70% Space Free | Partition Type: NTFS
Drive D: | 7,84 Gb Total Space | 1,01 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Drive J: | 1,89 Gb Total Space | 1,71 Gb Free Space | 90,40% Space Free | Partition Type: FAT
Computer Name: MRSKILLCAP | User Name: Mr. Skillcap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9BA03-36EE-462C-9937-3EC459C5C5F8}" = rport=138 | protocol=17 | dir=out | app=system |
"{329FB102-1C17-4994-BF52-B85F5EE41927}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{32FF5E11-D74B-44C6-BF11-A0CBBC37FB7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3E8A148F-37AA-439F-87A0-52FFDF3318BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{43747932-4E59-464D-BD8E-4350410243BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{55720473-3F42-4F16-AB6A-FF5C9E241384}" = lport=139 | protocol=6 | dir=in | app=system |
"{84C7AB56-B7F2-425F-8F13-E009CB7C494F}" = lport=445 | protocol=6 | dir=in | app=system |
"{871D7025-ACAC-42FB-A92E-E8E81A6033F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D7FCA62-8F59-4DBD-974D-EA42CDAC471E}" = rport=139 | protocol=6 | dir=out | app=system |
"{AC583DBC-228D-48C5-B6E6-EA6730A3C227}" = lport=138 | protocol=17 | dir=in | app=system |
"{D964D112-9F5D-4522-840B-18EA8EBC4C7D}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05001C4A-DA71-4087-B85E-1D18CCE68C46}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{07C4192E-2E26-44B8-8300-E4555A25377E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{123F6F68-A135-45D4-82DB-12CEC66CBA97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{126DE5A1-0914-4736-9BBA-51DEAF431352}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{13D5C1FD-12D0-4DA2-A1E8-633860AF6D6F}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{179F62EA-1211-4C4F-BC94-64CED1C58F8C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{19B1C7FF-111B-48B3-B041-DE9E1042EB91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1CBB0141-013A-40B6-9D48-A909AC782253}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{288A7698-A1B3-48F8-9F12-C30DDA25A2A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2AB4625E-31EA-4FAB-ADD6-05E1B9C74282}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{428D18F0-8FE5-4DC4-AA35-57430B3E878E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4E70BBD2-51A1-4DE0-A988-1DC70D28210D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{56FD4750-D8B6-4AE9-BE94-930298EBA6DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{59BBA4F4-A116-4EE2-9EB1-03DC50426298}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{6AF880B9-6756-4A32-8EA9-D96B4C2549E2}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{6E6A0340-DCBD-445B-9CD2-A612CFDB024C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{6E727DD3-A6B1-49AA-9FFB-E48F4F11E593}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{77223EF2-E07B-4288-9B55-7029E29B77B9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{84638DD8-85A4-4230-B1E1-C8B3979D52E1}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{8A18DF5D-8EFD-455E-A9DC-66378B719FD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{92BA9320-A0B3-4C8B-8924-7C8182090AE6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9BAEE02D-723F-4959-905C-C556C6D0C046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9D29704D-15CD-4E4D-B30D-D06BFC3F5DBE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{A14239FD-F041-4772-8A6C-5D394E620AFC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{A7581421-8B57-4548-BCC7-DBAF038231BA}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{B259F0E6-F1EF-46C7-AE52-42C9F3DD7125}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B338A16D-23CD-4316-8507-C11BECAF4412}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{B376C033-12B9-4BA1-A91E-B9AD51AA4EB8}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{B6287828-2454-4933-B13E-9946E80D8244}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B6CAA2CB-9629-4B7C-9987-EB65D596A4A6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat |
"{C02B528C-E073-42E3-BD75-6793D388165C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{DF67B3C3-A249-4B74-9098-323C20392724}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{E38DB494-2903-40F1-B8A6-46600DAA4885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F37867CF-A084-4278-919C-4423CEC1A213}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F5422E75-900A-45F3-AEC9-70643CFBA61E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB3E76CE-28A0-438A-A086-9915F10EDA9F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"TCP Query User{05EB2C90-E9DD-4404-99FB-40F3B4B4AFEC}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{0938E253-4964-4A2F-995C-0BEF973C12EB}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{185A8364-7ED8-4AEB-BCED-81150E55F742}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{18FE4F76-4777-45CC-93AE-27C8881F2F77}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"TCP Query User{1CC79E6C-3BB5-466F-A67F-3FC6D6352930}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{3776FEA5-F08B-474C-B52E-32B6509ACD8B}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"TCP Query User{4735B479-B0E9-4B7A-A8AE-0B4764F9A13D}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"TCP Query User{4EBD0E16-D0D3-405F-8D01-BF30F9BE65E2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{581392AF-21DE-40AE-B671-3F9B4ACFF8F5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe |
"TCP Query User{659B9D29-B1B7-4DA3-9BC4-5BD3167EB233}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{6836B14B-38AB-4664-BC66-661AD2B21FD9}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"TCP Query User{68AD2B80-56AE-4303-B023-86334BEEF237}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"TCP Query User{6D9AD56B-79D9-40F0-A018-5C15BCD4DAB6}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{6FCD1095-BB76-419F-9A0E-4720EDD8CDBA}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{76D26E2B-177C-4DC7-877F-B9E3FE9BD060}C:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe |
"TCP Query User{7786F969-768C-43B2-8D7F-7DB20C52D428}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{7FEB49EC-B047-43F4-BB4C-61351C7A2CE0}C:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"TCP Query User{89542666-B1EC-42D9-8A13-6DC7DB0CE6BA}C:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe |
"TCP Query User{947FB433-A4EA-4558-BB9F-550D6B09DFAA}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"TCP Query User{A8AC02EE-4974-4796-8CAB-3A539139BF9B}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{AAD08161-7604-4C61-9145-B6E90FFD8347}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{AF72E5D7-B14F-4B13-9509-92957CE2D6FE}C:\users\mr. skillcap\downloads\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de.exe |
"TCP Query User{B271B6CF-318B-406C-A2DC-F0149F0F724A}C:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe | "TCP Query User{CA88C0D9-A492-4768-A95F-8303F69E5714}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"TCP Query User{CB2F717C-1D6A-47E9-8635-CA0C23780170}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe |
"TCP Query User{E0008833-1364-4AE1-82F1-E7472AA8594D}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"TCP Query User{E01C9563-7807-4B5D-9018-5FAB55499EF8}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"TCP Query User{E25A9601-0805-43AE-A836-919BCE3813E5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"TCP Query User{FC81F8A5-325A-4DF5-A65A-9614133303A5}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{104CB842-BDC5-45C7-B2CE-A69DF4D9533B}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{142ED31F-82D5-4DB8-AADA-C8ECC8CFB9F3}C:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe |
"UDP Query User{14425923-09F6-4F83-88F2-0AA46F834DF5}C:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat |
"UDP Query User{1ABA6B94-8E3C-4FA2-B381-FE1C3EEA5ECD}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{230B9426-15BB-41F8-966C-3D20AD33339B}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{360B8742-FE69-4D86-89C1-7B87DF5AFE07}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{3831146A-E0C7-465E-8769-3AB602A2F304}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{3D8AEBF4-8C06-4F9F-BF1F-A59EF48AAF04}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"UDP Query User{3F971336-B7A4-4860-8292-F6E829FB0E7A}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"UDP Query User{4B05D250-B399-4CE3-BAC1-217004D6EDC4}C:\users\mr. skillcap\downloads\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de.exe |
"UDP Query User{51BFA975-7A36-4E8B-B7DA-EA17AE701C33}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe |
"UDP Query User{5B6DDD30-1489-4238-B216-9CF4158B67E8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{6D334561-32AE-4F44-A30E-8FAF97079479}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"UDP Query User{72BF13E3-D7C1-47E5-A146-9CA7B9025C82}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{7857D14A-2E81-4B24-B3C9-47812275DC2C}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"UDP Query User{7A35FCBE-EDC1-4B4D-902C-45FB03F010FA}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{7AD26D68-F5C5-4E66-A75C-9DA535128855}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{8525F5B2-AFC7-49D0-B605-B0DFAD81CD42}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{862F73D0-011A-4033-9D97-AF45D18F686C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{8911991E-1BDF-44EF-863E-84746F2E366D}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"UDP Query User{8ADFA57A-E3CB-46ED-B41D-0A61FD9D203E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{8CE9C9F4-C73A-4507-9EB7-9C1EB66D4C7F}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"UDP Query User{A8B52ACE-1BF9-4A7E-A9B4-6A86AF254424}C:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe |
"UDP Query User{AC5DAB2A-79B5-4C1D-89F7-5566829791D7}C:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe |
"UDP Query User{B8EF1D8D-DB1A-4EAD-ACB5-9D2B21C66D8A}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"UDP Query User{CCC01056-4CFF-4C11-9F06-1D117962B04A}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{D49F80AD-AFE8-4876-AE93-8738C56198F7}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"UDP Query User{D8F28019-665D-49DB-8D6C-A9956BC4FEB6}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe |
"UDP Query User{F633E04B-52B9-4601-A1FD-0A2857D536CF}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232769D5-3512-4E0F-BAD3-3B41B5A8FEBA}" = DriverUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = LevelOne LevelOne WNC-0601 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.494.0
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE289B5B-C489-42F2-AA6A-23F0DA738616}" = Rhythm Rascal
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ANNO1602" = Anno 1602
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube Download_is1" = Free YouTube Download 2.10
"G7EDE" = G7.1ut Editor/Librarian
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Hydrogen" = Hydrogen
"ICQToolbar" = ICQ Toolbar
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"RealPlayer 12.0" = RealPlayer
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"090215de958f1060" = Curse Client
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
The list from CCleaner:
[code]
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 06.03.2010 13,5MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 18.06.2010 10.1.53.64
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 05.12.2011 11.1.102.55
Adobe Reader 8 - Deutsch Adobe Systems Incorporated 06.03.2010 90,9MB 8.0.0
Anno 1602 30.08.2010 81,2MB
Apple Application Support Apple Inc. 07.07.2011 51,0MB 1.5.2
Apple Mobile Device Support Apple Inc. 07.07.2011 22,1MB 3.4.1.2
Apple Software Update Apple Inc. 07.07.2011 2,38MB 2.1.3.127
Audacity 1.2.6 14.06.2010 8,43MB
Aufstieg des Hexenkönigs™ 11.11.2011 2.936MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 06.03.2010 98,1MB
Battlefield 2142 08.06.2011 2.145MB
Bonjour Apple Inc. 07.07.2011 0,77MB 2.0.5.0
CCleaner Piriform 22.12.2011 4,22MB 3.14
Cisco EAP-FAST Module Cisco Systems, Inc. 08.03.2010 1,04MB 2.1.6
Cisco LEAP Module Cisco Systems, Inc. 08.03.2010 1,04MB 1.0.12
Cisco PEAP Module Cisco Systems, Inc. 08.03.2010 0,85MB 1.0.13
Crysis® 2 Electronic Arts 07.12.2011 11,2MB 1.0.0.0
Curse Client Curse 14.12.2011 4.0.1.170
Die Schlacht um Mittelerde™ II 11.11.2011 5.243MB
DivX-Setup DivX, LLC 03.05.2011 2,12MB 2.5.0.8
DriverUpdate SlimWare Utilities, Inc. 11.11.2011 26,4MB 2.2.14752
EasyBits Magic Desktop 25.03.2010
Free WAV to MP3 Converter Polaris-Software.com 29.01.2011 10,5MB 1.01
G7.1ut Editor/Librarian 13.08.2010 3,20MB
Google Chrome Google Inc. 08.08.2010 328MB 16.0.912.63
Google Toolbar for Internet Explorer 06.03.2010 334MB
Hardware Diagnose Tools PC-Doctor, Inc. 06.03.2010 116,8MB 5.00.4424.15
HP Customer Experience Enhancements Hewlett-Packard 06.03.2010 0,98MB 5.1.0.2264
HP Easy Setup - Frontend Hewlett-Packard 06.03.2010 1,92MB 5.1.0.2269
HP On-Screen Cap/Num/Scroll Lock Indicator Hewlett-Packard 06.03.2010
HP Photosmart Essential 2.0 HP 06.03.2010 2,29MB 2.0
HP Update Hewlett-Packard 06.03.2010 3,56MB 4.000.005.005
Hydrogen 15.10.2010 31,2MB
ICQ Toolbar ICQ 06.03.2010 3.0.0
ICQ7.6 ICQ 15.10.2011 66,2MB 7.6
iTunes Apple Inc. 07.07.2011 144,0MB 10.3.1.55
Java(TM) 6 Update 29 Oracle 09.07.2011 94,9MB 6.0.290
LevelOne LevelOne WNC-0601 Wireless LAN Card LevelOne 08.03.2010 9,63MB 1.5.4.0
LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 06.03.2010 13,7MB 3.2.0.41
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 22.12.2011 6,76MB 1.51.2.1300
McAfee Security Scan Plus McAfee, Inc. 26.10.2010 9,10MB 2.0.181.2
MediaGet2 version 2.1.494.0 MediaGet LLC 02.05.2011 20,6MB 2.1.494.0
MediaGet2 version 2.1.890.0 MediaGet LLC 31.07.2011 20,6MB 2.1.890.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 14.03.2010 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.03.2010 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.08.2011 117,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 11.08.2011 24,5MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 11.08.2011 38,0MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 11.08.2011 7,50MB 4.0.30319
Microsoft Office Enterprise 2007 Microsoft Corporation 20.02.2011 666MB 12.0.4518.1014
Microsoft Office Home and Student 2007 Microsoft Corporation 06.03.2010 449MB 12.0.4518.1014
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 03.01.2011 230MB 10.0.2701.01
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.03.2010 0,54MB 8.0.50727.42
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 02.05.2011 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 06.12.2011 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.03.2010 0,58MB 9.0.30729
Microsoft Works Microsoft Corporation 06.03.2010 288MB 08.05.0822
MobileMe Control Panel Apple Inc. 08.05.2010 7,33MB 2.6.0.35
Mozilla Firefox 8.0 (x86 de) Mozilla 10.11.2011 37,8MB 8.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.03.2010 35,00KB 4.20.9870.0
muvee autoProducer 6.0 muvee Technologies 06.03.2010 155,1MB 6.00.050
Norton Internet Security (Symantec Corporation) Symantec Corporation 06.03.2010 42,9MB 10.2.0.30
NVIDIA Drivers NVIDIA Corporation 06.03.2010 2.733MB 1.4
Optimierte Multimedia-Tastatur-Lösung Hewlett-Packard 06.03.2010 8,30MB
Power Tab Editor 1.7 Power Tab Software 09.04.2011 3,59MB 1.7.0
QuickTime Apple Inc. 07.07.2011 73,7MB 7.69.80.9
RealPlayer RealNetworks 10.11.2011 92,7MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.03.2010 11,4MB 6.0.1.5377
Rhythm Rascal Rhythm Rascal 11.08.2011 27,7MB 3.2.0
Roxio Creator Audio Roxio 06.03.2010 3,79MB 3.4.0
Roxio Creator Basic v9 Roxio 06.03.2010 29,3MB 3.4.0
Roxio Creator Copy Roxio 06.03.2010 0,65MB 3.4.0
Roxio Creator Data Roxio 06.03.2010 0,84MB 3.4.0
Roxio Creator EasyArchive Roxio 06.03.2010 1,49MB 3.4.0
Roxio Creator Tools Roxio 06.03.2010 0,35MB 3.4.0
Roxio Express Labeler 3 Roxio 06.03.2010 18,1MB 3.2.1
And the malware scan: Code:
Roxio MyDVD Basic v9 Roxio 06.03.2010 328MB 9.0.559
Skype™ 5.3 Skype Technologies S.A. 31.07.2011 16,6MB 5.3.120
TeamSpeak 2 RC2 Dominating Bytes Design 13.03.2010 2.0.32.60
TeamSpeak 3 Client TeamSpeak Systems GmbH 14.03.2010 30,5MB
TuxGuitar Herac 09.07.2011 10,6MB 1.2
Uninstall 1.0.0.1 12.11.2010 29,0MB
Winamp (remove only) 29.10.2011 2,39MB
WinRAR 25.04.2010 3,79MB
World of Warcraft Blizzard Entertainment 07.08.2011 35.975MB 4.2.0.14480
Results from the malware program: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122306
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
23.12.2011 14:35:28
mbam-log-2011-12-23 (14-35-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 413080
Laufzeit: 2 Stunde(n), 53 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6FE23060-2A0C-11DF-BBB3-806E6F6E6963} (Trojan.FakeFF) -> Value: {6FE23060-2A0C-11DF-BBB3-806E6F6E6963} -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Users\mr. skillcap\AppData\Roaming\microsoft\dllhsts.exe (Trojan.FakeFF) -> Quarantined and deleted successfully.
c:\Users\mr. skillcap\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\1ZC1CPBD\about[1].exe (Trojan.FakeFF) -> Quarantined and deleted successfully.
c:\Users\mr. skillcap\AppData\Local\Temp\wpbt0.dll (Trojan.FakeFF) -> Quarantined and deleted successfully.
c:\Users\mr. skillcap\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
I hope that's everything you need. Thanks in advance (: |