Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Doppelte Accents und ein googlesicherer Prozess

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.07.2010, 18:40   #1
Glorious
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Nabend zusammen,

mein System: AMD DuoCore 3 GHz., 4 GB Ram, OS Vista Home 64.

Und zur Sache: Seit heute erscheint auch beim einmaligen Drücken der Accent-Taste (die rechts neben dem Fragezeichen) der selbe sofort doppelt (´´). Wie eine ausgiebige Recherche via Google ergab, weder Novum noch einmalig. Dennoch rätseln über die Ursache offenbar selbst Experten. Bisweilen wird ein Virus als Auslöser vermutet, bewiesen ist das nicht. Nichtsdestoweniger veranlasste ich eine komplette Systemanalyse. Ccleaner leistete Vorarbeit, Malwarebytes fand gar nichts. Auch ein kompletter Scan mit Antivir blieb ergebnislos - angeblich alles sauber. Auch die Auto-Auswertung eines frischen HijackThis-Logs brachte nichts ernstes zutage.

Was mich dennoch skeptisch macht (neben der Tatsache, dass das Problem bestehen blieb), ist der laufende Prozess luuv.exe. Der ist anscheinend "google"sicher, will heißen: Ich finde zu jedem meiner laufenden Anwendungen eine Einstufung und Beschreibung online, nur zu diesem nicht. Aus den Eigenschaften: C:\Users\****\AppData\Roaming\Esfyp.

Der Versuch, den Prozess aus dem Autostart zu nehmen, fruchtete nicht. Er kehrt immer wieder. Der Grund, weshalb ich einen Zusammenhang zwischen dem Accent-Problem und dem luuv.exe-Prozess sehe: Seit heute wird bei jedem Systemstart zudem sofort eine Internetverbindung hergestellt. Und ich kann mich an "luuv.exe" aus früheren Systemoptimierungen partout nicht erinnern.

Vor einer Neuaufsetzung des gesamten Systems schrecke ich entschlossen zurück. Deshalb hoffe ich auf euren Rat und Hilfe. Habt vielen Dank für jeden Vorschlag.

Toni


Die Logs:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3756
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

25.07.2010 16:17:40
mbam-log-2010-07-25 (16-17-40).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 343675
Laufzeit: 1 hour(s), 5 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38:18, on 25.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
C:\Users\***\AppData\Roaming\Esfyp\luuv.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\***\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}] C:\Users\Altmann\AppData\Roaming\Esfyp\luuv.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E19DCCBB-4A58-499D-A97D-F6126CDDA31E}: NameServer = 213.191.74.18 62.109.123.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxbk_device -   - C:\Windows\system32\lxbkcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Softwarelizenzierung (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
         

Alt 27.07.2010, 13:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Zitat:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3756
Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.
Wir sind bei v1.46 und DB-Version 4350 oder höher!
__________________

__________________

Alt 27.07.2010, 15:21   #3
Glorious
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Grüß dich Arne,

und vielen Dank für den Hinweis, wenngleich ich das auch selbst hätte bemerken müssen. Nun, habe die Aktualisierung prompt veranlasst und ... nichts. Wenn ich ehrlich bin, wäre mir ein Fund lieber gewesen. Dann wüsste ich, woran ich bin.

Nichtsdestoweniger vielen Dank.

Toni


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4357

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

27.07.2010 16:14:34
mbam-log-2010-07-27 (16-14-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 345784
Laufzeit: 1 Stunde(n), 9 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
__________________

Alt 27.07.2010, 15:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.07.2010, 16:27   #5
Glorious
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Abermals vielen Dank!

Code:
ATTFilter
OTL logfile created on: 27.07.2010 16:48:49 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,79 Gb Total Space | 55,39 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 257,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: **
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\***\AppData\Roaming\Esfyp\luuv.exe ()
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe ()
PRC - C:\Programme\ASUS\Ai Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe ()
PRC - C:\Windows\SysWOW64\PSIService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (57xx SteelVine Manager) -- C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe ()
SRV - (lxbk_device) -- C:\Windows\SysWow64\lxbkcoms.exe ( )
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ULCDRHlp) -- C:\Windows\SysNative\Drivers\ULCDRHlp.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (ULCDRHlp) -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Programme\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}] C:\Users\***\AppData\Roaming\Esfyp\luuv.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\Wallpaper\dawn-1024x.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\Wallpaper\dawn-1024x.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell - "" = AutoRun
O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\AutoRun\command - "" = F:\Setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.27 16:47:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Altmann\Desktop\OTL.exe
[2010.07.27 15:03:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.27 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.06 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Altmann\AppData\Roaming\Skype
[2010.07.06 00:38:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.07.06 00:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.04.07 15:05:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2010.04.07 15:05:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2010.04.07 15:05:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2010.04.07 15:05:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2010.04.07 15:05:29 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2010.04.07 15:05:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2010.04.07 15:05:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2010.04.07 15:05:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2010.04.07 15:05:29 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2010.04.07 15:05:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2010.04.07 15:05:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.27 16:51:02 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.07.27 16:47:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.07.27 14:55:37 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.27 14:55:37 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.27 10:55:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.27 10:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.27 10:55:31 | 4293,971,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.27 03:33:22 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{310d4d84-8c26-11dd-8964-e20a9a6109df}.TMContainer00000000000000000002.regtrans-ms
[2010.07.27 03:33:22 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{310d4d84-8c26-11dd-8964-e20a9a6109df}.TM.blf
[2010.07.26 15:53:55 | 003,704,685 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.07.25 22:38:50 | 000,002,516 | ---- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010.07.24 19:14:03 | 000,041,272 | ---- | M] () -- C:\Users\***\Documents\Vokabeln Italienisch.docx
[2010.07.23 22:30:51 | 000,012,915 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.07.20 17:26:46 | 000,013,776 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.07.19 15:45:17 | 000,020,384 | ---- | M] () -- C:\Users\***\Documents\italienisch.docx
[2010.07.18 16:19:25 | 000,010,528 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.07.15 16:41:55 | 000,026,624 | ---- | M] () -- C:\Users\***\Documents\***.doc
[2010.07.15 16:38:46 | 000,011,479 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.07.14 19:35:05 | 000,000,843 | ---- | M] () -- C:\Users\***\Desktop\Carom3D.lnk
[2010.07.14 19:35:05 | 000,000,026 | ---- | M] () -- C:\Windows\NeoSetup.INI
[2010.07.13 02:28:58 | 000,010,277 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.07.13 02:00:18 | 000,011,733 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.07.08 05:10:07 | 000,061,952 | ---- | M] () -- C:\Users\***\Documents\***.doc
[2010.07.08 01:03:19 | 000,059,904 | ---- | M] () -- C:\Users\***\Documents\***.doc
[2010.07.07 17:17:49 | 000,036,548 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.07.03 19:27:44 | 001,559,225 | ---- | M] () -- C:\Users\***\Documents\Titelübersicht.xlsx
[2010.07.01 17:31:17 | 000,012,170 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.06.30 16:44:11 | 000,010,033 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.23 22:30:50 | 000,012,915 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.07.20 17:26:45 | 000,013,776 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.07.15 16:41:55 | 000,026,624 | ---- | C] () -- C:\Users\***\Documents\***.doc
[2010.07.15 16:34:47 | 000,011,479 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.07.14 19:35:05 | 000,000,843 | ---- | C] () -- C:\Users\***\Desktop\Carom3D.lnk
[2010.07.13 02:28:58 | 000,010,277 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.07.09 16:01:40 | 000,011,733 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.07.08 04:56:02 | 000,061,952 | ---- | C] () -- C:\Users\***\Documents\***.doc
[2010.07.07 17:19:06 | 000,059,904 | ---- | C] () -- C:\Users\***\Documents\***.doc
[2010.07.07 16:31:33 | 000,036,548 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.07.01 17:31:16 | 000,012,170 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.06.30 16:44:11 | 000,010,033 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.06.28 15:49:30 | 000,020,384 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.04.07 15:05:29 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2010.04.07 15:05:29 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.02.04 03:11:05 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI
[2009.12.03 20:06:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 20:05:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.18 12:38:22 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.06.13 13:33:54 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.04.04 21:40:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2008.12.11 20:03:22 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2008.12.11 20:03:22 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2008.12.11 20:03:22 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2008.10.25 14:50:52 | 001,618,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.10.06 17:01:06 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2008.09.27 18:33:51 | 000,002,516 | ---- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2008.09.27 18:33:51 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\6E2F276D85.sys
[2008.09.27 02:08:02 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.09.27 02:08:02 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.09.27 02:07:59 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.09.27 02:07:59 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.09.27 01:50:49 | 000,032,591 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.09.27 01:47:18 | 000,031,828 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 27.07.2010 16:48:49 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,79 Gb Total Space | 55,39 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 257,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: **
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = F8 AF 85 BB 62 74 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{351A9297-1B4B-48A5-BF7F-597ED9855076}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5DF49886-5698-41B9-89B1-6CA1BF8F91B3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{61299FD9-1A79-4B45-A2BE-EDC4699C2C56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{646EC2F8-952C-493D-8958-86894275811B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7FD30BD1-4F09-45F4-80ED-F83218C95307}" = lport=137 | protocol=17 | dir=in | app=system | 
"{809BF2A4-52D0-4639-871A-FC78EFE0F574}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A3D9E32D-A783-4B15-B547-559A68F202AE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A66F6BBE-5199-451D-82B7-0A2757229362}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B9919E58-6710-49E7-ABCD-5BC277342325}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E37796F5-58A6-4674-9A0C-3A55CBB0C459}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F8B20591-CDC2-4132-91C6-30B1DDBE6B07}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031886D9-C4BB-49CA-BB62-619482336766}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{1659EA2E-2B3A-4335-99FE-95A4B4109416}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{188195B9-0BBD-4C2F-98AF-2FFA1971091D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{18E9ABAC-E81F-45FD-9C85-2097DDFFD9CD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1B85DDE8-E417-44F2-B6B4-B9D69C7FBCCA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{23193C42-C987-40A5-B721-473380D1F228}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | 
"{24729462-1FE8-4475-8625-977A24F566B4}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe | 
"{2625A31C-2814-41A3-B475-BF00DB191F10}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | 
"{26D4D386-F8B6-47AA-988C-5D5F4F9DBE33}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{2BC08216-3B95-48A4-B358-4C65E4CC69F3}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{363BB8F7-4E29-4496-A7B6-E6FD11188CBF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{389658D3-B9E0-4C5C-9329-2F7192D7EF5E}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{3D209B13-6C41-4D27-8485-EE5E1F7B6478}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{3F09D068-4CBE-4C6E-86D1-7E2A2D914D24}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3F99FBAB-C49E-4D66-9385-B6CB580F64C6}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe | 
"{412AC762-4521-4B02-B74C-A86837BB9526}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{48AF3712-8D95-4D99-B401-7B654BEDF5ED}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | 
"{4BF58284-48CD-4A05-AFCF-0966FB59DB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | 
"{5052647A-AA9A-4584-A9CB-1289C6B4C71D}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{540118CD-806D-4852-B8DA-2B6554C8CE96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{554E0975-02D3-487C-AF97-D7D0A46416A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | 
"{57D0676E-18C7-41E6-9C6A-8EF3150C4CB8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5A4833D1-EC5F-4A90-9A5F-C1FD3C00C967}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C506C97-7C9A-421C-A018-A0E4D9DBB8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{687D98E6-5893-42CE-B649-3D81881A16E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{6AAF876A-35C2-4FFE-9C09-51E93136FAA6}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{6B94FC65-5FD7-42BE-8DD4-DE69A9D44725}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{6FFDD4F0-1C77-4F8B-BA8A-24C86CDEA656}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{72866F78-F88C-4C72-B820-D4EF8A4EEEC8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{786B35EC-8739-4419-9217-CF804B168DB8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7BD53F92-E2D5-41DC-BAFB-E53678721E22}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{7D6F3F89-BCA6-47DB-B85D-1BE48FA337A5}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe | 
"{8814A75E-1A26-46E0-AEAA-C2C8A8F6FE37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{88F037B3-E104-45BC-965B-11AEB6B004C4}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe | 
"{8D8410EE-A53D-4153-B1FF-27AEE836A4A8}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe | 
"{8F066784-BF75-4AF2-AFC9-39FA145C267F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{97561EBA-AE0F-4B47-BBF6-4B3C4BA860D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{986141C1-5F34-41CB-A700-E60E895A037B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A0769E0B-9684-403B-88D8-1A92DD5E5530}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{A246F189-71EE-479C-B6AD-1F56E440F568}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A530A10D-A1CB-4E30-9FAA-751708F3249D}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe | 
"{A9E0589F-A0B3-450F-8F51-CAD427424B31}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{ACA5BF91-0024-4456-AC5D-BF6F4BCBD0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{AD9AE378-041B-40B3-ABD4-38AD7C56F37E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{B2470C25-059E-44CE-B928-E8509D22016A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B5F26C44-21EC-4DE9-867D-0DE07754EDAF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BCD00DD6-CB09-4CEE-957A-40AB34C91B10}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{BEE146ED-DB59-4493-AC5F-DA4B6432D7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{C34B3763-8AF1-4C52-A973-B0CF7D5766DC}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{C5854358-38DB-4C7D-9E08-A658932C4375}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D13E0466-434B-4B11-8EAB-D6468BEFE748}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{DDCD6DED-3B60-41A8-B594-F8D754D434BD}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{E5EE7FFF-362C-44A0-8DB9-8DF40AAA63E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F0985B42-9F97-4CAA-AF5D-32B8808F1002}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{F92602A9-983D-4640-98AD-2C54A7A178D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | 
"{FAC15C13-7AD9-4967-B61F-335543CD8965}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FFEF3A25-F639-4C63-9E82-9CF8E47C3D21}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{05803F03-CC30-4CFF-8E1D-95C463CE49C0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{0695CC27-F07E-478D-8001-8ACAD05483D0}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | 
"TCP Query User{10BCE5D2-F1E5-478A-9D2E-1C39EE3ED802}C:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"TCP Query User{16ED6846-95F2-49B4-AD8B-22E81EDB80ED}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | 
"TCP Query User{23BD9A6A-B053-432C-AAA5-4FBE1C9838E2}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{2A2806A5-73CB-4F01-B6D4-8E74FDAEF9FE}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"TCP Query User{3858FB50-B7E3-419B-BEA1-7AE1170DB5A8}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"TCP Query User{40BFE0D5-854B-4A2B-8751-B7B77457728B}C:\program files (x86)\activision\ef2\ef2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\ef2\ef2.exe | 
"TCP Query User{70CA8EBC-F873-4CB5-95C2-375D3801222B}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"TCP Query User{80C39B99-51E4-4E70-8FAE-57D7EF75149F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{9377327A-478F-4A4C-8247-CA7B938D31DC}C:\program files (x86)\ea sports\fifa 08\fifa08.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 08\fifa08.exe | 
"TCP Query User{957F90BA-2103-4773-AF6A-769DEDA04376}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{97375AD9-D51A-4D29-AB3F-FF9FA7AC2A92}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{A20B9790-48F8-45B0-9229-1784B0008C58}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | 
"TCP Query User{B1BF7C39-C989-4A21-BD64-9ED338A2230B}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | 
"TCP Query User{B74049F9-8DFD-413A-9F3F-FEC8F345B0F7}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | 
"TCP Query User{C6E49E52-3357-4649-89C9-49E686B2CA66}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{CD320F86-33E6-42AD-9261-4F58991B3331}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"TCP Query User{D002DF69-216C-4839-B767-6E6F64D51AAF}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{DCAA6A9A-B4C8-4864-A26F-469114676499}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | 
"TCP Query User{E0943331-FBD0-40A0-9599-4D1CD86E5A16}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"TCP Query User{F240310E-392E-4263-8C7C-8A9A7EFD4189}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
"TCP Query User{F413F923-4EF0-42C9-8922-692900C75215}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{F96287E5-0B11-4039-8A0C-3A8369BC7363}C:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | 
"UDP Query User{12CC6E85-6336-482A-9924-DEF711917355}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{22BEE710-B4A8-42E2-8F80-7036300F7931}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{2E8195E5-035D-4D97-AE23-9335DCA3142B}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{3348E97E-5149-4930-88C8-DFDCECDB3AE4}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{40902EDB-26A7-49B3-BBCF-B253D7E48C5D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{42DC0232-FD0E-4845-AB3F-436B9605272C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{4B7A00DC-E53B-48EB-B632-991B371E5D8B}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"UDP Query User{579B39E9-CA7D-4435-84E2-56B0F304292B}C:\users\altmann\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | 
"UDP Query User{61ACCCB5-5F49-4019-B4BF-18441D343AC3}C:\program files (x86)\ea sports\fifa 08\fifa08.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 08\fifa08.exe | 
"UDP Query User{61D2C660-F39F-491C-8269-38C05F9ACDF1}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | 
"UDP Query User{627EECFC-F6F4-42BD-853E-7DA161B45B32}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | 
"UDP Query User{72B0E132-2BE9-4068-B271-2874C7DDD2C5}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | 
"UDP Query User{74CF1D2B-0B8D-4836-B4AB-51BD5676966A}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"UDP Query User{90F5D1D5-2B7C-415A-9315-094F01CD9C1A}C:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | 
"UDP Query User{966FC014-25AC-4D38-B467-00F1E4C641CA}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | 
"UDP Query User{973B4843-9C57-490A-AD12-074C2FE9688D}C:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe | 
"UDP Query User{98C345B3-3148-4317-857B-220013FCA0DE}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | 
"UDP Query User{A4EAE3DF-22D8-4E95-82E0-2796CC030283}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | 
"UDP Query User{A68D8B10-8AEE-41E2-8F1D-DC0B07CC3350}C:\program files (x86)\activision\ef2\ef2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\ef2\ef2.exe | 
"UDP Query User{BA6537C2-47E9-4F10-8393-D3FFD64AA87D}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"UDP Query User{DB674D28-5D73-41C9-A9FC-93193DF53D91}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{E01F98C6-727C-4823-9173-B45FBF0E3BE1}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"UDP Query User{E9A108DA-A111-4FBA-9991-A5CA8D4EE43C}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23DECE04-CB38-2CB1-9DC4-10AAF53CBC7A}" = ccc-utility64
"{69664D82-59E1-23B8-6265-6258D7316FA7}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0E567B5E-4D69-2CAD-FBE7-D67C7C113142}" = CCC Help English
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26ECD60F-4038-84B7-CBA7-96C981B2D90A}" = ccc-core-static
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4E242EA4-FD8D-835C-FFE2-5CDB88CB8FFC}" = Catalyst Control Center InstallProxy
"{50E140BC-1F23-CFDB-7B7E-1D872611EDC5}" = Catalyst Control Center Graphics Previews Common
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A4161E3-7E06-0E09-FDF0-80BEFAAFABC9}" = Skins
"{5AD39E4B-5CE4-B938-1630-946E908566DF}" = Catalyst Control Center Core Implementation
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{685C7EBA-82F4-44F8-9514-911A69850DA3}" = Express Gate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{944DFFA1-E785-04EE-6083-D80F86C41E57}" = Catalyst Control Center Graphics Light
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A06C3BF4-E6E8-4F56-2C7E-412F907E94F9}" = Catalyst Control Center Graphics Full New
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A434533D-989F-0440-1D1F-A784F64E15F3}" = HydraVision
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.41
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDD11F42-6F08-4BB6-B4CA-3258BB58CDD5}" = Drive Xpert
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C0C18638-8DF5-905A-20F0-33833DAADA2F}" = Catalyst Control Center Graphics Previews Vista
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD1685DD-5186-A6B9-446E-07FBAB1CE9D1}" = Catalyst Control Center HydraVision Full
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1257B1A-65F6-D197-4A03-B480E545ECA2}" = Catalyst Control Center Graphics Full Existing
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Any Video Converter_is1" = Any Video Converter 2.7.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Carom3D" = Carom3D
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"Guild Wars" = GUILD WARS
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LeechFTP" = LeechFTP 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"mv61xxDriver" = marvell 61xx
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TIPP10_is1" = TIPP10 Version 2.0.3
"WinRAR archiver" = WinRAR
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.0.1 (ansi) for Python 2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.01.2010 09:22:21 | Computer Name = ** | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2010 11:10:56 | Computer Name = ** | Source = EventSystem | ID = 4621
Description = 
 
Error - 07.01.2010 13:14:17 | Computer Name = ** | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.01.2010 11:26:32 | Computer Name = ** | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2010 00:47:40 | Computer Name = ** | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.01.2010 12:01:48 | Computer Name = ** | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2010 02:08:11 | Computer Name = ** | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.01.2010 11:25:25 | Computer Name = ** | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2010 15:00:44 | Computer Name = ** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FIFA09.exe, Version 0.0.0.0, Zeitstempel 0x4900ff03,
 fehlerhaftes Modul DINPUT8.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a672,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000116,  Prozess-ID 0x2a4, Anwendungsstartzeit
 01ca920bc618a4eb.
 
Error - 11.01.2010 00:22:31 | Computer Name = ** | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 27.10.2009 08:41:25 | Computer Name = ** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 2718 seconds with 1380 seconds of active time.  This session ended with a
 crash.
 
[ System Events ]
Error - 25.07.2010 12:50:43 | Computer Name = ** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.07.2010 05:31:38 | Computer Name = ** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 26.07.2010 05:31:40 | Computer Name = ** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 26.07.2010 05:33:20 | Computer Name = ** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.07.2010 11:55:26 | Computer Name = ** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 26.07.2010 11:55:28 | Computer Name = ** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 26.07.2010 11:57:09 | Computer Name = ** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.07.2010 04:55:27 | Computer Name = ** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 27.07.2010 04:55:29 | Computer Name = ** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 27.07.2010 04:57:10 | Computer Name = ** | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         


Alt 27.07.2010, 16:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Außerdem musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
PRC - C:\Users\***\AppData\Roaming\Esfyp\luuv.exe ()
O4 - HKCU..\Run: [{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}] C:\Users\***\AppData\Roaming\Esfyp\luuv.exe ()
O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell - "" = AutoRun
O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\AutoRun\command - "" = F:\Setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\Users\***\AppData\Roaming\Esfyp
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> Doppelte Accents und ein googlesicherer Prozess

Alt 27.07.2010, 16:59   #7
Glorious
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Tausend Dank für die idiotensichere Anleitung, Arne. Habe ich erledigt!

Bemerkenswert: Nach dem Neustart wird weder eine Verbindung ohne meine Einwilligung hergestellt, noch besteht das Accent-Problem weiterhin. Es scheint, als wären meine Schwierigkeiten allesamt bereinigt und diese bizarre Datei tatsächlich schuld gewesen. Ich poste das neue Log dennoch:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named luuv.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}\ not found.
C:\Users\***\AppData\Roaming\Esfyp\luuv.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found.
File F:\Setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found.
File F:\Directx\dxsetup.exe not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
File\Folder C:\Users\***\AppData\Roaming\Esfyp not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 1777741 bytes
->Temporary Internet Files folder emptied: 13376760 bytes
->Flash cache emptied: 42520 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55242 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 127730 bytes
 
Total Files Cleaned = 15,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07272010_174606

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YE410V43\88670-doppelte-accents-und-ein-googlesicherer-prozess[1].html moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUTEGC3H\ads[6].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1PVC9B9Y\ads[3].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1E7D1GY4\ads[5].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
         
Keine Ahnung, ob es das jetzt wirklich gewesen ist, aber in jedem Fall bin ich dir etwas schuldig. Hab Dank, dass es so zügig ging.

Liebe Grüße
Toni

Alt 29.07.2010, 13:08   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.07.2010, 18:10   #9
Glorious
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Okay,

geschehen und beide scheinen bedenkenlos. Bleibt mir die abschließende Frage: Was war das für eine Datei? Antivir schlug an, als ich es mir eingefangen habe, ich drückte auf "Entfernen". Danach fand weder Antivir noch Malwarebytes Spyware respektive Trojaner. Dennoch war diese ominöse Datei da. Nach dem letzten Malwarebytes-Scan (direkt im Anschluss) schlug Antivir (!!!) plötzlich noch einmal an und fand sie erneut in der OTL-Karantäne. Ich drückte wieder auf "Entfernen".

Nun scheint sie wirklich weg zu sein. Kein Fund, kein Accent-Problem, kein eigenmächtiges Starten der Verbindung.

Also: Womit habe ich es hier zu tun gehabt?

Lieben Dank abermals für alles.

Toni

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4366

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

29.07.2010 16:21:13
mbam-log-2010-07-29 (16-21-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 344145
Laufzeit: 1 Stunde(n), 8 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 07/29/2010 bei 06:35 PM

Version der Applikation : 4.41.1000

Version der Kern-Datenbank : 5284
Version der Spur-Datenbank : 3096

Scan Art       : kompletter Scann
Totale Scann-Zeit : 02:00:29

Gescannte Speicherelemente  : 675
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 12487
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 227571
Erfasste Datei-Elemente   : 0
         

Alt 29.07.2010, 19:23   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Accents und ein googlesicherer Prozess - Standard

Doppelte Accents und ein googlesicherer Prozess



Was das genau war, lässt sich jetzt wohl nicht mehr klären. Falls Du diese luuv.exe noch hast, kannst Du sie aber nochmal bei Virustotal.com auswerten lassen und die Ergebnisse hier komplett posten.

Wenn Du willst kannst Du sie auch bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Doppelte Accents und ein googlesicherer Prozess
adobe, antivir, antivir guard, avg, avira, bho, bonjour, browser, computer, cpu, desktop, google, helper, hijack, home, launch, object, problem, prozess, rundll, scan, senden, software, system, syswow64, virus, vista




Ähnliche Themen: Doppelte Accents und ein googlesicherer Prozess


  1. Doppelte Unterstreichung und farbige Markierung
    Plagegeister aller Art und deren Bekämpfung - 05.12.2014 (5)
  2. Doppelte Accounts löschen?
    Lob, Kritik und Wünsche - 14.11.2013 (4)
  3. Virus: Trojan.ZbotR.Gen und Backdoor.Bot.citdl , doppelte Accents
    Log-Analyse und Auswertung - 17.10.2012 (13)
  4. Doppelte Akzente/Trojan.ZbotR.Gen?
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (11)
  5. Doppelte Accents
    Log-Analyse und Auswertung - 16.04.2012 (11)
  6. Trojaner Doppelte Akzentzeichen
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (2)
  7. Internet Explorer Prozess (NUR PROZESS) iexplore.exe startet sich selbst 3 mal
    Plagegeister aller Art und deren Bekämpfung - 27.02.2011 (21)
  8. Internet Explorer Prozess (NUR PROZESS) iexplore.exe startet sich selbst 3 mal
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (9)
  9. doppelte Dateien
    Diskussionsforum - 13.04.2010 (2)
  10. doppelte iexplorer.exe
    Log-Analyse und Auswertung - 02.06.2009 (8)
  11. Doppelte avp.exe
    Log-Analyse und Auswertung - 20.08.2008 (4)
  12. Doppelte Prozesse im Taskamanger
    Log-Analyse und Auswertung - 10.02.2008 (11)
  13. doppelte iexplore.exe
    Plagegeister aller Art und deren Bekämpfung - 28.01.2008 (1)
  14. doppelte Modelle im Gerätemanger löschen?
    Netzwerk und Hardware - 13.02.2005 (1)
  15. Doppelte Tastenbelegung, durch Virus?
    Plagegeister aller Art und deren Bekämpfung - 06.01.2005 (3)
  16. .jpg doppelte Größe
    Alles rund um Windows - 27.08.2004 (4)

Zum Thema Doppelte Accents und ein googlesicherer Prozess - Nabend zusammen, mein System: AMD DuoCore 3 GHz., 4 GB Ram, OS Vista Home 64. Und zur Sache: Seit heute erscheint auch beim einmaligen Drücken der Accent-Taste (die rechts neben - Doppelte Accents und ein googlesicherer Prozess...
Archiv
Du betrachtest: Doppelte Accents und ein googlesicherer Prozess auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.