|
Log-Analyse und Auswertung: Doppelte Accents und ein googlesicherer ProzessWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.07.2010, 18:40 | #1 |
| Doppelte Accents und ein googlesicherer Prozess Nabend zusammen, mein System: AMD DuoCore 3 GHz., 4 GB Ram, OS Vista Home 64. Und zur Sache: Seit heute erscheint auch beim einmaligen Drücken der Accent-Taste (die rechts neben dem Fragezeichen) der selbe sofort doppelt (´´). Wie eine ausgiebige Recherche via Google ergab, weder Novum noch einmalig. Dennoch rätseln über die Ursache offenbar selbst Experten. Bisweilen wird ein Virus als Auslöser vermutet, bewiesen ist das nicht. Nichtsdestoweniger veranlasste ich eine komplette Systemanalyse. Ccleaner leistete Vorarbeit, Malwarebytes fand gar nichts. Auch ein kompletter Scan mit Antivir blieb ergebnislos - angeblich alles sauber. Auch die Auto-Auswertung eines frischen HijackThis-Logs brachte nichts ernstes zutage. Was mich dennoch skeptisch macht (neben der Tatsache, dass das Problem bestehen blieb), ist der laufende Prozess luuv.exe. Der ist anscheinend "google"sicher, will heißen: Ich finde zu jedem meiner laufenden Anwendungen eine Einstufung und Beschreibung online, nur zu diesem nicht. Aus den Eigenschaften: C:\Users\****\AppData\Roaming\Esfyp. Der Versuch, den Prozess aus dem Autostart zu nehmen, fruchtete nicht. Er kehrt immer wieder. Der Grund, weshalb ich einen Zusammenhang zwischen dem Accent-Problem und dem luuv.exe-Prozess sehe: Seit heute wird bei jedem Systemstart zudem sofort eine Internetverbindung hergestellt. Und ich kann mich an "luuv.exe" aus früheren Systemoptimierungen partout nicht erinnern. Vor einer Neuaufsetzung des gesamten Systems schrecke ich entschlossen zurück. Deshalb hoffe ich auf euren Rat und Hilfe. Habt vielen Dank für jeden Vorschlag. Toni Die Logs: Code:
ATTFilter Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3756 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 25.07.2010 16:17:40 mbam-log-2010-07-25 (16-17-40).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 343675 Laufzeit: 1 hour(s), 5 minute(s), 57 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:38:18, on 25.07.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe C:\Users\***\AppData\Roaming\Esfyp\luuv.exe C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\***\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe" -reg O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}] C:\Users\Altmann\AppData\Roaming\Esfyp\luuv.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E19DCCBB-4A58-499D-A97D-F6126CDDA31E}: NameServer = 213.191.74.18 62.109.123.197 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Softwarelizenzierung (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) |
27.07.2010, 13:43 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Doppelte Accents und ein googlesicherer ProzessZitat:
Wir sind bei v1.46 und DB-Version 4350 oder höher!
__________________ |
27.07.2010, 15:21 | #3 |
| Doppelte Accents und ein googlesicherer Prozess Grüß dich Arne,
__________________und vielen Dank für den Hinweis, wenngleich ich das auch selbst hätte bemerken müssen. Nun, habe die Aktualisierung prompt veranlasst und ... nichts. Wenn ich ehrlich bin, wäre mir ein Fund lieber gewesen. Dann wüsste ich, woran ich bin. Nichtsdestoweniger vielen Dank. Toni Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4357 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 27.07.2010 16:14:34 mbam-log-2010-07-27 (16-14-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 345784 Laufzeit: 1 Stunde(n), 9 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
27.07.2010, 15:34 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Doppelte Accents und ein googlesicherer Prozess Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
27.07.2010, 16:27 | #5 |
| Doppelte Accents und ein googlesicherer Prozess Abermals vielen Dank! Code:
ATTFilter OTL logfile created on: 27.07.2010 16:48:49 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,79 Gb Total Space | 55,39 Gb Free Space | 32,06% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 257,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Users\***\AppData\Roaming\Esfyp\luuv.exe () PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe () PRC - C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe () PRC - C:\Programme\ASUS\Ai Suite\AiNap\AiNap.exe () PRC - C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe () PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe () PRC - C:\Windows\SysWOW64\PSIService.exe () PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe () ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( ) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (57xx SteelVine Manager) -- C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe () SRV - (lxbk_device) -- C:\Windows\SysWow64\lxbkcoms.exe ( ) SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (ULCDRHlp) -- C:\Windows\SysNative\Drivers\ULCDRHlp.sys File not found DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys (H+H Software GmbH) DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys (Pinnacle Systems GmbH) DRV - (ULCDRHlp) -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys (Ulead Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cpu Level Up help] C:\Programme\ASUS\Ai Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe () O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}] C:\Users\***\AppData\Roaming\Esfyp\luuv.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\Pictures\Wallpaper\dawn-1024x.jpg O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\Wallpaper\dawn-1024x.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell - "" = AutoRun O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\AutoRun\command - "" = F:\Setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.27 16:47:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Altmann\Desktop\OTL.exe [2010.07.27 15:03:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.07.27 15:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.07.06 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Altmann\AppData\Roaming\Skype [2010.07.06 00:38:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.07.06 00:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.04.07 15:05:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll [2010.04.07 15:05:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll [2010.04.07 15:05:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll [2010.04.07 15:05:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll [2010.04.07 15:05:29 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll [2010.04.07 15:05:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll [2010.04.07 15:05:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll [2010.04.07 15:05:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll [2010.04.07 15:05:29 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll [2010.04.07 15:05:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll [2010.04.07 15:05:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.27 16:51:02 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.07.27 16:47:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.07.27 14:55:37 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.27 14:55:37 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.27 10:55:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.27 10:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.27 10:55:31 | 4293,971,968 | -HS- | M] () -- C:\hiberfil.sys [2010.07.27 03:33:22 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{310d4d84-8c26-11dd-8964-e20a9a6109df}.TMContainer00000000000000000002.regtrans-ms [2010.07.27 03:33:22 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{310d4d84-8c26-11dd-8964-e20a9a6109df}.TM.blf [2010.07.26 15:53:55 | 003,704,685 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.25 22:38:50 | 000,002,516 | ---- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2010.07.24 19:14:03 | 000,041,272 | ---- | M] () -- C:\Users\***\Documents\Vokabeln Italienisch.docx [2010.07.23 22:30:51 | 000,012,915 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.07.20 17:26:46 | 000,013,776 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.07.19 15:45:17 | 000,020,384 | ---- | M] () -- C:\Users\***\Documents\italienisch.docx [2010.07.18 16:19:25 | 000,010,528 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.07.15 16:41:55 | 000,026,624 | ---- | M] () -- C:\Users\***\Documents\***.doc [2010.07.15 16:38:46 | 000,011,479 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.07.14 19:35:05 | 000,000,843 | ---- | M] () -- C:\Users\***\Desktop\Carom3D.lnk [2010.07.14 19:35:05 | 000,000,026 | ---- | M] () -- C:\Windows\NeoSetup.INI [2010.07.13 02:28:58 | 000,010,277 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.07.13 02:00:18 | 000,011,733 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.07.08 05:10:07 | 000,061,952 | ---- | M] () -- C:\Users\***\Documents\***.doc [2010.07.08 01:03:19 | 000,059,904 | ---- | M] () -- C:\Users\***\Documents\***.doc [2010.07.07 17:17:49 | 000,036,548 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.07.03 19:27:44 | 001,559,225 | ---- | M] () -- C:\Users\***\Documents\Titelübersicht.xlsx [2010.07.01 17:31:17 | 000,012,170 | ---- | M] () -- C:\Users\***\Documents\***.docx [2010.06.30 16:44:11 | 000,010,033 | ---- | M] () -- C:\Users\***\Documents\***.docx [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.23 22:30:50 | 000,012,915 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.07.20 17:26:45 | 000,013,776 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.07.15 16:41:55 | 000,026,624 | ---- | C] () -- C:\Users\***\Documents\***.doc [2010.07.15 16:34:47 | 000,011,479 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.07.14 19:35:05 | 000,000,843 | ---- | C] () -- C:\Users\***\Desktop\Carom3D.lnk [2010.07.13 02:28:58 | 000,010,277 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.07.09 16:01:40 | 000,011,733 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.07.08 04:56:02 | 000,061,952 | ---- | C] () -- C:\Users\***\Documents\***.doc [2010.07.07 17:19:06 | 000,059,904 | ---- | C] () -- C:\Users\***\Documents\***.doc [2010.07.07 16:31:33 | 000,036,548 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.07.01 17:31:16 | 000,012,170 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.06.30 16:44:11 | 000,010,033 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.06.28 15:49:30 | 000,020,384 | ---- | C] () -- C:\Users\***\Documents\***.docx [2010.04.07 15:05:29 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll [2010.04.07 15:05:29 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.02.04 03:11:05 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI [2009.12.03 20:06:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.12.03 20:05:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.10.18 12:38:22 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2009.06.13 13:33:54 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2009.04.04 21:40:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2008.12.11 20:03:22 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2008.12.11 20:03:22 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2008.12.11 20:03:22 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2008.10.25 14:50:52 | 001,618,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.10.06 17:01:06 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI [2008.09.27 18:33:51 | 000,002,516 | ---- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2008.09.27 18:33:51 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\6E2F276D85.sys [2008.09.27 02:08:02 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2008.09.27 02:08:02 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2008.09.27 02:07:59 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2008.09.27 02:07:59 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2008.09.27 01:50:49 | 000,032,591 | ---- | C] () -- C:\Windows\Ascd_log.ini [2008.09.27 01:47:18 | 000,031,828 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== Alternate Data Streams ========== @Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.07.2010 16:48:49 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,79 Gb Total Space | 55,39 Gb Free Space | 32,06% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 257,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = F8 AF 85 BB 62 74 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{351A9297-1B4B-48A5-BF7F-597ED9855076}" = rport=445 | protocol=6 | dir=out | app=system | "{5DF49886-5698-41B9-89B1-6CA1BF8F91B3}" = lport=139 | protocol=6 | dir=in | app=system | "{61299FD9-1A79-4B45-A2BE-EDC4699C2C56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{646EC2F8-952C-493D-8958-86894275811B}" = lport=138 | protocol=17 | dir=in | app=system | "{7FD30BD1-4F09-45F4-80ED-F83218C95307}" = lport=137 | protocol=17 | dir=in | app=system | "{809BF2A4-52D0-4639-871A-FC78EFE0F574}" = rport=139 | protocol=6 | dir=out | app=system | "{A3D9E32D-A783-4B15-B547-559A68F202AE}" = rport=137 | protocol=17 | dir=out | app=system | "{A66F6BBE-5199-451D-82B7-0A2757229362}" = lport=445 | protocol=6 | dir=in | app=system | "{B9919E58-6710-49E7-ABCD-5BC277342325}" = rport=138 | protocol=17 | dir=out | app=system | "{E37796F5-58A6-4674-9A0C-3A55CBB0C459}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F8B20591-CDC2-4132-91C6-30B1DDBE6B07}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{031886D9-C4BB-49CA-BB62-619482336766}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | "{1659EA2E-2B3A-4335-99FE-95A4B4109416}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{188195B9-0BBD-4C2F-98AF-2FFA1971091D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{18E9ABAC-E81F-45FD-9C85-2097DDFFD9CD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{1B85DDE8-E417-44F2-B6B4-B9D69C7FBCCA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{23193C42-C987-40A5-B721-473380D1F228}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | "{24729462-1FE8-4475-8625-977A24F566B4}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe | "{2625A31C-2814-41A3-B475-BF00DB191F10}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | "{26D4D386-F8B6-47AA-988C-5D5F4F9DBE33}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{2BC08216-3B95-48A4-B358-4C65E4CC69F3}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{363BB8F7-4E29-4496-A7B6-E6FD11188CBF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{389658D3-B9E0-4C5C-9329-2F7192D7EF5E}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{3D209B13-6C41-4D27-8485-EE5E1F7B6478}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{3F09D068-4CBE-4C6E-86D1-7E2A2D914D24}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3F99FBAB-C49E-4D66-9385-B6CB580F64C6}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe | "{412AC762-4521-4B02-B74C-A86837BB9526}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{48AF3712-8D95-4D99-B401-7B654BEDF5ED}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | "{4BF58284-48CD-4A05-AFCF-0966FB59DB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | "{5052647A-AA9A-4584-A9CB-1289C6B4C71D}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe | "{540118CD-806D-4852-B8DA-2B6554C8CE96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{554E0975-02D3-487C-AF97-D7D0A46416A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | "{57D0676E-18C7-41E6-9C6A-8EF3150C4CB8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5A4833D1-EC5F-4A90-9A5F-C1FD3C00C967}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5C506C97-7C9A-421C-A018-A0E4D9DBB8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{687D98E6-5893-42CE-B649-3D81881A16E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{6AAF876A-35C2-4FFE-9C09-51E93136FAA6}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{6B94FC65-5FD7-42BE-8DD4-DE69A9D44725}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | "{6FFDD4F0-1C77-4F8B-BA8A-24C86CDEA656}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{72866F78-F88C-4C72-B820-D4EF8A4EEEC8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | "{786B35EC-8739-4419-9217-CF804B168DB8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7BD53F92-E2D5-41DC-BAFB-E53678721E22}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{7D6F3F89-BCA6-47DB-B85D-1BE48FA337A5}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe | "{8814A75E-1A26-46E0-AEAA-C2C8A8F6FE37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{88F037B3-E104-45BC-965B-11AEB6B004C4}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe | "{8D8410EE-A53D-4153-B1FF-27AEE836A4A8}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe | "{8F066784-BF75-4AF2-AFC9-39FA145C267F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{97561EBA-AE0F-4B47-BBF6-4B3C4BA860D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{986141C1-5F34-41CB-A700-E60E895A037B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A0769E0B-9684-403B-88D8-1A92DD5E5530}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{A246F189-71EE-479C-B6AD-1F56E440F568}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A530A10D-A1CB-4E30-9FAA-751708F3249D}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe | "{A9E0589F-A0B3-450F-8F51-CAD427424B31}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{ACA5BF91-0024-4456-AC5D-BF6F4BCBD0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{AD9AE378-041B-40B3-ABD4-38AD7C56F37E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | "{B2470C25-059E-44CE-B928-E8509D22016A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B5F26C44-21EC-4DE9-867D-0DE07754EDAF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BCD00DD6-CB09-4CEE-957A-40AB34C91B10}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{BEE146ED-DB59-4493-AC5F-DA4B6432D7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{C34B3763-8AF1-4C52-A973-B0CF7D5766DC}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{C5854358-38DB-4C7D-9E08-A658932C4375}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D13E0466-434B-4B11-8EAB-D6468BEFE748}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{DDCD6DED-3B60-41A8-B594-F8D754D434BD}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe | "{E5EE7FFF-362C-44A0-8DB9-8DF40AAA63E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F0985B42-9F97-4CAA-AF5D-32B8808F1002}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{F92602A9-983D-4640-98AD-2C54A7A178D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | "{FAC15C13-7AD9-4967-B61F-335543CD8965}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FFEF3A25-F639-4C63-9E82-9CF8E47C3D21}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "TCP Query User{05803F03-CC30-4CFF-8E1D-95C463CE49C0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{0695CC27-F07E-478D-8001-8ACAD05483D0}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | "TCP Query User{10BCE5D2-F1E5-478A-9D2E-1C39EE3ED802}C:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe | "TCP Query User{16ED6846-95F2-49B4-AD8B-22E81EDB80ED}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | "TCP Query User{23BD9A6A-B053-432C-AAA5-4FBE1C9838E2}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{2A2806A5-73CB-4F01-B6D4-8E74FDAEF9FE}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | "TCP Query User{3858FB50-B7E3-419B-BEA1-7AE1170DB5A8}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | "TCP Query User{40BFE0D5-854B-4A2B-8751-B7B77457728B}C:\program files (x86)\activision\ef2\ef2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\ef2\ef2.exe | "TCP Query User{70CA8EBC-F873-4CB5-95C2-375D3801222B}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | "TCP Query User{80C39B99-51E4-4E70-8FAE-57D7EF75149F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{9377327A-478F-4A4C-8247-CA7B938D31DC}C:\program files (x86)\ea sports\fifa 08\fifa08.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 08\fifa08.exe | "TCP Query User{957F90BA-2103-4773-AF6A-769DEDA04376}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | "TCP Query User{97375AD9-D51A-4D29-AB3F-FF9FA7AC2A92}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{A20B9790-48F8-45B0-9229-1784B0008C58}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "TCP Query User{B1BF7C39-C989-4A21-BD64-9ED338A2230B}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | "TCP Query User{B74049F9-8DFD-413A-9F3F-FEC8F345B0F7}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "TCP Query User{C6E49E52-3357-4649-89C9-49E686B2CA66}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{CD320F86-33E6-42AD-9261-4F58991B3331}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | "TCP Query User{D002DF69-216C-4839-B767-6E6F64D51AAF}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{DCAA6A9A-B4C8-4864-A26F-469114676499}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | "TCP Query User{E0943331-FBD0-40A0-9599-4D1CD86E5A16}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "TCP Query User{F240310E-392E-4263-8C7C-8A9A7EFD4189}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | "TCP Query User{F413F923-4EF0-42C9-8922-692900C75215}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{F96287E5-0B11-4039-8A0C-3A8369BC7363}C:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | "UDP Query User{12CC6E85-6336-482A-9924-DEF711917355}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{22BEE710-B4A8-42E2-8F80-7036300F7931}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{2E8195E5-035D-4D97-AE23-9335DCA3142B}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "UDP Query User{3348E97E-5149-4930-88C8-DFDCECDB3AE4}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{40902EDB-26A7-49B3-BBCF-B253D7E48C5D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{42DC0232-FD0E-4845-AB3F-436B9605272C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{4B7A00DC-E53B-48EB-B632-991B371E5D8B}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | "UDP Query User{579B39E9-CA7D-4435-84E2-56B0F304292B}C:\users\altmann\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | "UDP Query User{61ACCCB5-5F49-4019-B4BF-18441D343AC3}C:\program files (x86)\ea sports\fifa 08\fifa08.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 08\fifa08.exe | "UDP Query User{61D2C660-F39F-491C-8269-38C05F9ACDF1}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe | "UDP Query User{627EECFC-F6F4-42BD-853E-7DA161B45B32}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | "UDP Query User{72B0E132-2BE9-4068-B271-2874C7DDD2C5}C:\users\***\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files (x86)\dna\btdna.exe | "UDP Query User{74CF1D2B-0B8D-4836-B4AB-51BD5676966A}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | "UDP Query User{90F5D1D5-2B7C-415A-9315-094F01CD9C1A}C:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | "UDP Query User{966FC014-25AC-4D38-B467-00F1E4C641CA}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | "UDP Query User{973B4843-9C57-490A-AD12-074C2FE9688D}C:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer® mark of chaos\warhammer.exe | "UDP Query User{98C345B3-3148-4317-857B-220013FCA0DE}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{A4EAE3DF-22D8-4E95-82E0-2796CC030283}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{A68D8B10-8AEE-41E2-8F1D-DC0B07CC3350}C:\program files (x86)\activision\ef2\ef2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\ef2\ef2.exe | "UDP Query User{BA6537C2-47E9-4F10-8393-D3FFD64AA87D}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | "UDP Query User{DB674D28-5D73-41C9-A9FC-93193DF53D91}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{E01F98C6-727C-4823-9173-B45FBF0E3BE1}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | "UDP Query User{E9A108DA-A111-4FBA-9991-A5CA8D4EE43C}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{23DECE04-CB38-2CB1-9DC4-10AAF53CBC7A}" = ccc-utility64 "{69664D82-59E1-23B8-6265-6258D7316FA7}" = ATI Catalyst Install Manager "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "Lexmark X1100 Series" = Lexmark X1100 Series "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5 "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0E567B5E-4D69-2CAD-FBE7-D67C7C113142}" = CCC Help English "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{26ECD60F-4038-84B7-CBA7-96C981B2D90A}" = ccc-core-static "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4E242EA4-FD8D-835C-FFE2-5CDB88CB8FFC}" = Catalyst Control Center InstallProxy "{50E140BC-1F23-CFDB-7B7E-1D872611EDC5}" = Catalyst Control Center Graphics Previews Common "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5A4161E3-7E06-0E09-FDF0-80BEFAAFABC9}" = Skins "{5AD39E4B-5CE4-B938-1630-946E908566DF}" = Catalyst Control Center Core Implementation "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{685C7EBA-82F4-44F8-9514-911A69850DA3}" = Express Gate "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{944DFFA1-E785-04EE-6083-D80F86C41E57}" = Catalyst Control Center Graphics Light "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A06C3BF4-E6E8-4F56-2C7E-412F907E94F9}" = Catalyst Control Center Graphics Full New "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 "{A434533D-989F-0440-1D1F-A784F64E15F3}" = HydraVision "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.41 "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BDD11F42-6F08-4BB6-B4CA-3258BB58CDD5}" = Drive Xpert "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C0C18638-8DF5-905A-20F0-33833DAADA2F}" = Catalyst Control Center Graphics Previews Vista "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4 "{CD1685DD-5186-A6B9-446E-07FBAB1CE9D1}" = Catalyst Control Center HydraVision Full "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E1257B1A-65F6-D197-4A03-B480E545ECA2}" = Catalyst Control Center Graphics Full Existing "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2 "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Any Video Converter_is1" = Any Video Converter 2.7.5 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Carom3D" = Carom3D "CCleaner" = CCleaner "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fraps" = Fraps "Guild Wars" = GUILD WARS "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "LeechFTP" = LeechFTP "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "mv61xxDriver" = marvell 61xx "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TIPP10_is1" = TIPP10 Version 2.0.3 "WinRAR archiver" = WinRAR "wxPython2.8-ansi-py25_is1" = wxPython 2.8.0.1 (ansi) for Python 2.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.01.2010 09:22:21 | Computer Name = ** | Source = WinMgmt | ID = 10 Description = Error - 07.01.2010 11:10:56 | Computer Name = ** | Source = EventSystem | ID = 4621 Description = Error - 07.01.2010 13:14:17 | Computer Name = ** | Source = WinMgmt | ID = 10 Description = Error - 08.01.2010 11:26:32 | Computer Name = ** | Source = WinMgmt | ID = 10 Description = Error - 09.01.2010 00:47:40 | Computer Name = ** | Source = EventSystem | ID = 4621 Description = Error - 09.01.2010 12:01:48 | Computer Name = ** | Source = WinMgmt | ID = 10 Description = Error - 10.01.2010 02:08:11 | Computer Name = ** | Source = EventSystem | ID = 4621 Description = Error - 10.01.2010 11:25:25 | Computer Name = ** | Source = WinMgmt | ID = 10 Description = Error - 10.01.2010 15:00:44 | Computer Name = ** | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung FIFA09.exe, Version 0.0.0.0, Zeitstempel 0x4900ff03, fehlerhaftes Modul DINPUT8.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a672, Ausnahmecode 0xc0000005, Fehleroffset 0x00000116, Prozess-ID 0x2a4, Anwendungsstartzeit 01ca920bc618a4eb. Error - 11.01.2010 00:22:31 | Computer Name = ** | Source = EventSystem | ID = 4621 Description = [ OSession Events ] Error - 27.10.2009 08:41:25 | Computer Name = ** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2718 seconds with 1380 seconds of active time. This session ended with a crash. [ System Events ] Error - 25.07.2010 12:50:43 | Computer Name = ** | Source = Service Control Manager | ID = 7026 Description = Error - 26.07.2010 05:31:38 | Computer Name = ** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 26.07.2010 05:31:40 | Computer Name = ** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 26.07.2010 05:33:20 | Computer Name = ** | Source = Service Control Manager | ID = 7026 Description = Error - 26.07.2010 11:55:26 | Computer Name = ** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 26.07.2010 11:55:28 | Computer Name = ** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 26.07.2010 11:57:09 | Computer Name = ** | Source = Service Control Manager | ID = 7026 Description = Error - 27.07.2010 04:55:27 | Computer Name = ** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.07.2010 04:55:29 | Computer Name = ** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.07.2010 04:57:10 | Computer Name = ** | Source = Service Control Manager | ID = 7026 Description = < End of report > |
27.07.2010, 16:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Doppelte Accents und ein googlesicherer Prozess Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Außerdem musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL PRC - C:\Users\***\AppData\Roaming\Esfyp\luuv.exe () O4 - HKCU..\Run: [{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}] C:\Users\***\AppData\Roaming\Esfyp\luuv.exe () O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell - "" = AutoRun O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\AutoRun\command - "" = F:\Setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found @Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF :Files C:\Users\***\AppData\Roaming\Esfyp :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> Doppelte Accents und ein googlesicherer Prozess |
27.07.2010, 16:59 | #7 |
| Doppelte Accents und ein googlesicherer Prozess Tausend Dank für die idiotensichere Anleitung, Arne. Habe ich erledigt! Bemerkenswert: Nach dem Neustart wird weder eine Verbindung ohne meine Einwilligung hergestellt, noch besteht das Accent-Problem weiterhin. Es scheint, als wären meine Schwierigkeiten allesamt bereinigt und diese bizarre Datei tatsächlich schuld gewesen. Ich poste das neue Log dennoch: Code:
ATTFilter All processes killed ========== OTL ========== No active process named luuv.exe was found! Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EA330D9-8D85-5E4D-9971-80E8A4CBA9B8}\ not found. C:\Users\***\AppData\Roaming\Esfyp\luuv.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found. File F:\Setup\rsrc\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0090fb33-96c4-11dd-b1bc-0022155a6c90}\ not found. File F:\Directx\dxsetup.exe not found. ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully. ========== FILES ========== File\Folder C:\Users\***\AppData\Roaming\Esfyp not found. ========== COMMANDS ========== File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: *** ->Temp folder emptied: 1777741 bytes ->Temporary Internet Files folder emptied: 13376760 bytes ->Flash cache emptied: 42520 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 356352 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 55242 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 127730 bytes Total Files Cleaned = 15,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 07272010_174606 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YE410V43\88670-doppelte-accents-und-ein-googlesicherer-prozess[1].html moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUTEGC3H\ads[6].htm moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1PVC9B9Y\ads[3].htm moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1E7D1GY4\ads[5].htm moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... Liebe Grüße Toni |
29.07.2010, 13:08 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Doppelte Accents und ein googlesicherer Prozess Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
29.07.2010, 18:10 | #9 |
| Doppelte Accents und ein googlesicherer Prozess Okay, geschehen und beide scheinen bedenkenlos. Bleibt mir die abschließende Frage: Was war das für eine Datei? Antivir schlug an, als ich es mir eingefangen habe, ich drückte auf "Entfernen". Danach fand weder Antivir noch Malwarebytes Spyware respektive Trojaner. Dennoch war diese ominöse Datei da. Nach dem letzten Malwarebytes-Scan (direkt im Anschluss) schlug Antivir (!!!) plötzlich noch einmal an und fand sie erneut in der OTL-Karantäne. Ich drückte wieder auf "Entfernen". Nun scheint sie wirklich weg zu sein. Kein Fund, kein Accent-Problem, kein eigenmächtiges Starten der Verbindung. Also: Womit habe ich es hier zu tun gehabt? Lieben Dank abermals für alles. Toni Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4366 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 29.07.2010 16:21:13 mbam-log-2010-07-29 (16-21-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 344145 Laufzeit: 1 Stunde(n), 8 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll hxxp://www.superantispyware.com Generiert 07/29/2010 bei 06:35 PM Version der Applikation : 4.41.1000 Version der Kern-Datenbank : 5284 Version der Spur-Datenbank : 3096 Scan Art : kompletter Scann Totale Scann-Zeit : 02:00:29 Gescannte Speicherelemente : 675 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 12487 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 227571 Erfasste Datei-Elemente : 0 |
29.07.2010, 19:23 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Doppelte Accents und ein googlesicherer Prozess Was das genau war, lässt sich jetzt wohl nicht mehr klären. Falls Du diese luuv.exe noch hast, kannst Du sie aber nochmal bei Virustotal.com auswerten lassen und die Ergebnisse hier komplett posten. Wenn Du willst kannst Du sie auch bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Doppelte Accents und ein googlesicherer Prozess |
adobe, antivir, antivir guard, avg, avira, bho, bonjour, browser, computer, cpu, desktop, google, helper, hijack, home, launch, object, problem, prozess, rundll, scan, senden, software, system, syswow64, virus, vista |