Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Einige Viren gefunden und ich glaube es werden mehr...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 01.08.2010, 16:23   #1
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



highjack this file:

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:14:18, on 01.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\***\Desktop\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8803 bytes
         
--- --- ---



screenshots:





bitte schnelle antwort

Alt 03.08.2010, 11:32   #2
Larusso
/// Selecta Jahrusso
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.
  • Speichere die Datei am Desktop.
  • Doppelklick auf die load.exe
  • Belasse die Häckchen wie sie sind.
  • Schließe nun alle offenen Programme.
  • Klicke auf Download
  • Bitte während dem Download nicht in das Fenster klicken.
  • Folge den Anweisungen auf dem Bildschirm.
  • Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________

__________________

Alt 05.08.2010, 08:35   #3
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



ok ich fange jetzt an !

__________________

Alt 05.08.2010, 10:18   #4
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Fehlermeldung!
Bis GMER ist alles gut gegangen...

Beim Scann von GMER kam dann eine Windowsmeldung GMER funktioniert nicht mehr blah blah dann ging nichts mehr. Das Laptop hat gehangen und ich musste ihn manuell aus machen!

Was soll ich jetzt tun ?



PS:
bitte das mal anschauen...



und




danke

Alt 05.08.2010, 10:27   #5
Larusso
/// Selecta Jahrusso
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Steht nicht irgendwo in der .pdf das wenn man Probleme hat mit dem nächsten Schritt fortfahren soll ?

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 05.08.2010, 11:03   #6
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



hier die scans:


Malwarebytes' Anti-Malware
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4391

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

05.08.2010 10:38:20
mbam-log-2010-08-05 (10-38-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146502
Laufzeit: 14 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Otl.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.08.2010 11:33:47 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,43 Gb Total Space | 35,15 Gb Free Space | 39,30% Space Free | Partition Type: NTFS
Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
PRC - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.23 13:56:11 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.03.26 20:42:38 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 20:39:32 | 000,991,600 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.12.14 18:40:13 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006.12.14 18:38:49 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.12.14 18:38:11 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006.12.07 19:51:04 | 001,143,152 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
MOD - [2008.08.28 05:37:46 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008.05.27 07:18:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.01.19 09:36:40 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.01.19 09:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008.01.19 09:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.19 09:34:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008.01.19 09:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.23 13:56:11 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.14 18:40:13 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2006.12.14 18:40:13 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.12.14 18:38:11 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006.12.14 18:36:29 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.12.14 18:34:37 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipswuio.sys -- (ipswuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.09.23 13:57:12 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.03.26 20:43:00 | 000,039,472 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.03.26 20:42:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.03.26 20:42:44 | 000,108,592 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007.01.23 05:00:59 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.14 18:41:05 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.12.14 18:41:05 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.12.14 18:40:53 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006.12.14 18:40:53 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006.12.14 18:40:51 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006.12.14 18:40:45 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.12.14 18:38:35 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006.12.14 18:38:33 | 000,102,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2006.12.14 18:38:33 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006.12.14 18:38:31 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.12.14 18:34:33 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 07:48:53 | 000,181,304 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.14 13:42:45 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 11:26:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 11:26:36 | 000,000,000 | ---D | M]
 
[2009.02.13 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.05 09:41:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions
[2010.05.01 13:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.01 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\youtube2mp3@mondayx.de
[2009.12.23 20:25:53 | 000,002,171 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\bing.xml
[2010.08.05 09:41:46 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\icqplugin.xml
[2010.04.05 09:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.12.23 20:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.01 11:26:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 11:26:28 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.01 11:26:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.01 11:26:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.01 11:26:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f1aff52f-7591-11dc-8953-001d60a340fa}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.05 11:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.08.05 10:20:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.05 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.05 09:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.08.05 09:47:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.05 09:45:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.05 09:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.05 09:44:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.05 09:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.05 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.08.01 17:08:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.01 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
[2010.08.01 16:14:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
[2010.08.01 16:09:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.08.01 16:03:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
[2010.08.01 16:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010.08.01 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\***
[2010.06.20 12:27:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.06.20 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.06.13 10:47:58 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.06.13 10:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.06.13 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010.06.13 10:08:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.05 11:40:42 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.05 11:17:41 | 000,074,886 | ---- | M] () -- C:\Users\***\Desktop\22.jpg
[2010.08.05 11:15:50 | 000,099,374 | ---- | M] () -- C:\Users\***\Desktop\11.jpg
[2010.08.05 11:02:04 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.08.05 11:02:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 11:02:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 11:01:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 11:01:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 11:01:39 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 10:18:54 | 000,000,740 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.05 10:18:54 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.05 10:11:18 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.08.05 10:09:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.05 10:09:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.05 10:09:00 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.05 09:46:13 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 09:43:06 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.08.05 09:38:39 | 000,410,784 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.08.05 09:36:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EEC096F7-0D97-41BE-87E6-24872796CCD2}.job
[2010.08.01 17:23:16 | 002,991,909 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.01 17:20:00 | 000,093,943 | ---- | M] () -- C:\Users\***\Desktop\c.jpg
[2010.08.01 17:19:27 | 000,094,891 | ---- | M] () -- C:\Users\***\Desktop\a.jpg
[2010.08.01 17:18:20 | 000,079,217 | ---- | M] () -- C:\Users\***\Desktop\b.jpg
[2010.08.01 17:08:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.01 16:55:59 | 000,030,720 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.01 16:06:34 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.01 16:06:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.01 16:06:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.01 16:06:34 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.01 16:06:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.01 16:02:48 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.06.20 12:26:27 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.20 11:22:19 | 000,372,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.13 10:45:29 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.05.15 20:52:30 | 000,021,504 | ---- | M] () -- C:\Users\***\Desktop\***
 
========== Files Created - No Company Name ==========
 
[2010.08.05 11:17:40 | 000,074,886 | ---- | C] () -- C:\Users\***\Desktop\22.jpg
[2010.08.05 11:15:49 | 000,099,374 | ---- | C] () -- C:\Users\***\Desktop\11.jpg
[2010.08.05 10:39:30 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.08.05 10:18:54 | 000,000,740 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.05 10:18:54 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.05 09:46:13 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 09:43:05 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.08.05 09:38:19 | 000,410,784 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.08.01 17:19:59 | 000,093,943 | ---- | C] () -- C:\Users\***\Desktop\c.jpg
[2010.08.01 17:19:27 | 000,094,891 | ---- | C] () -- C:\Users\***\Desktop\a.jpg
[2010.08.01 17:18:19 | 000,079,217 | ---- | C] () -- C:\Users\***\Desktop\b.jpg
[2010.08.01 16:02:48 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.06.20 12:26:27 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.13 10:45:29 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2009.10.16 16:27:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.03.04 15:49:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.03.04 15:48:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.06 19:52:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.05 21:06:54 | 000,000,231 | ---- | C] () -- C:\Windows\pwcsu.INI
[2007.12.25 10:20:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.06 13:36:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.06 06:49:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.03.06 05:34:09 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2008.02.06 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BearShare
[2009.07.25 12:49:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.11.18 20:07:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2008.06.15 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2009.01.28 20:17:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoipCheapCom
[2007.12.12 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BearShare
[2007.10.13 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ
[2010.08.01 16:21:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.05.06 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2007.10.07 12:17:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2008.03.04 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2008.06.15 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2007.12.27 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2008.06.15 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\zweitgeist
[2010.08.05 10:09:15 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.05 09:36:06 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EEC096F7-0D97-41BE-87E6-24872796CCD2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007.04.18 11:26:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.04.04 06:01:54 | 000,000,019 | ---- | M] () -- C:\CA12.txt
[2007.12.25 10:22:26 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007.09.23 14:34:42 | 000,018,977 | ---- | M] () -- C:\devlist.txt
[2007.09.23 14:31:21 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2010.08.05 11:01:39 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2007.04.15 01:26:25 | 000,000,027 | ---- | M] () -- C:\NERO.LOG
[2007.03.16 01:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_A.TXT
[2010.08.05 11:01:38 | 2452,160,512 | -HS- | M] () -- C:\pagefile.sys
[2007.07.19 01:40:45 | 000,000,508 | ---- | M] () -- C:\Patch.LOG
[2007.08.13 14:17:28 | 000,000,003 | ---- | M] () -- C:\PRO52H_VISTA32.RC4
[2007.09.23 14:02:36 | 000,000,087 | ---- | M] () -- C:\smsetup.log
[2006.05.16 02:22:24 | 000,000,005 | ---- | M] () -- C:\Store.LOG
[2007.04.18 04:55:28 | 000,000,018 | ---- | M] () -- C:\V52.TXT
[2007.08.07 14:52:09 | 000,524,288 | ---- | M] () -- C:\X51HAS.BIN
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2007.10.08 15:44:45 | 000,001,674 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2010.03.07 14:26:49 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008.08.12 05:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-05 09:36:07
< End of report >
         
--- --- ---





EXTRAS.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.08.2010 11:33:47 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,43 Gb Total Space | 35,15 Gb Free Space | 39,30% Space Free | Partition Type: NTFS
Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DDFDFD-5AE5-494F-B9BE-08801EC52E15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{14B1D9C9-D5F0-4282-8630-3AF445279938}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{182A04F9-AA02-4A4D-91AD-97794CB0503F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{194A6510-70E5-423E-805E-A86D58A89075}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1A574C7B-3CC2-481B-8EC4-988C2EA73109}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C502FC8-6279-4D2E-8A45-BC3F8FADDEEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{22ED9560-403C-422A-803D-A0EF2AAF366A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2902DBD1-C9D7-4F58-BCF1-CCA5CD867698}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2C30CDB0-D580-4BC3-881B-273138D324C4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2C94E36D-189A-42C8-A3E7-0A9FD136CDA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2CB7A6CB-42C4-4347-916E-E596F8D6B0AE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{32BBB011-A86A-4329-B3EA-8DF81ADBD227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3B8E7A41-0524-46A4-B08A-83C3FE954025}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3BEEDD3C-8F12-4C9C-BC1C-F2B3AF197196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4189BF6C-4190-4290-B283-42029A4B5066}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4258B5E2-E2D5-4ACD-ACAF-67ED42DA81CA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{44BDCA5B-CF70-43CD-A1A0-CF4240AEDF9C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46872824-70C3-4FFD-A74F-D52105AB41CF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{493623DC-A8BE-441B-9EE7-117BCEC11574}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{570DF674-C797-4A47-B084-E4A38CF7BA08}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D491FD8-67FE-4A5A-8A2C-82EA39C71441}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6796F886-E1A4-4C0B-9B70-F6B65024A4B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B6A4666-A3B9-4DED-A0C7-068A79DC097D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6DED261F-4B88-4680-AC67-5A3E8D7F903F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{73620316-CA3D-442A-A125-56CD0B9493DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7FC1C4C6-773B-4283-9E96-3DADFA677AAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{81B3CA2F-DFB2-4846-94E4-9D5BA3B1F239}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8DB3F93F-98F9-4BCB-9731-B12E9710AE69}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8EFADE63-A748-4CA4-BC2A-E557C6C15A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{92872FCA-C049-4F2B-8FE5-AF4789BC3714}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{93D8BF9F-728F-45F9-BBC0-462CF56DADC0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9E53FD0E-35D0-439D-9CC3-9262EEC9BDC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A0631FBD-6752-4C6E-9D5F-FCA2192AA6EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A0C95452-7440-461A-A537-A1E471B86F39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A1080788-F980-4024-919A-3B94BB4F832C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A208B510-BFEC-421C-80CE-F1A632BDAE32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A5CE0F80-6F4F-4581-AD59-45C498F93182}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AD271C0D-7A46-49FD-B65E-35FF1FF3DB29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B42E8ADA-034B-4438-93CC-BAE879AC3F1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4960A27-E470-4C6D-B16E-DA4FE052860A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4CC46D3-B5B6-49F2-BF79-0482808AF062}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B6FCC415-875D-4346-A460-4F93AB515860}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BAB7ABF2-AD41-4609-A3BB-8BE71C877AD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BC50D0A5-1FFD-4A4E-ADA4-26EA4877F952}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BD1D5428-E512-4866-BB91-6E48AD9FB581}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BD75D67C-E48D-4556-A4B0-F6AA636AB49A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BFE0B685-2DE8-4311-97F9-8F081E981B18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BFF09C02-BB36-4F63-A950-824CAE1C58C0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C20E1B56-FE3E-4033-B094-03EFFFA6998B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C4C6BC2D-C2BA-4B36-B834-BE4EA302B5A3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C4E2251E-A5D8-410E-BD50-21AE5F02A7DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C59F8E40-6432-4642-B559-2C73E33F50F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CEC79824-5B11-4C30-9792-420787BDEA1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D2F6A825-04DD-46B2-A418-0A2FF45D5CF7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D64CFBD9-5AB9-48CA-AB92-A1D95DC4CDD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D865FC0C-4932-4643-B71D-1E699508F908}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9E74C1A-2E70-41E7-930C-C057B76B2D42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA84A3A8-42DB-49F0-81FD-8117D942ABC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DE7C8110-1EBE-43D6-9D75-D602ED30AE1C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DEEDE401-8938-40C2-9335-8420A665D925}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E491628B-523F-4223-95F2-0071E8392B48}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE9B1426-C40E-48DD-941B-A4E87627F06C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F1782734-D86F-422B-9AA2-91EC4FA59ECA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA4812A4-6D14-4D0B-9E92-55A509EE1B5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051358FA-9D9E-46FB-9536-4B09D293D3F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{09BED4DB-AB5B-4E8F-A91F-5978F02D39EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FD666DA-8CFA-4A57-99B9-39FC268472D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{14705897-C097-49DA-9E3D-814EA7B71A8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{208E3276-87E2-431D-B3C9-086013E0FEB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{22DF2A99-1BA0-47B9-8D3A-DAA948AEF7C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{230F1C4E-6A18-4F1E-BF54-BE1AA88E8F14}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{28B34F1F-4EE8-431A-AE77-09511DC1C987}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2BA71F5D-96A0-4552-B18A-47B9D986C499}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{325C944B-D94E-4AA1-9BBC-6493A37DDCE5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3CFFF59F-3DAE-4065-B327-BFF0FF3CC1B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3D9CA623-E41A-4286-B82C-B0EAC8DFB334}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3DD24A5B-7AD2-488A-A5D0-70F20919D745}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3FD1D06A-F5EC-4C01-934E-645B2AFDAC7B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{45E4A016-9175-40B2-9380-393F8E05E189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4612C640-9845-49A5-873E-C68C5B7FF019}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{48C6B18B-0281-4487-BE9B-26BA2BEF0E54}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{497BD23A-B780-4F8E-9CFB-CF128A1DAA6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4ADF48C8-644E-468D-B934-5915AE753A57}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4B0E48C7-23B2-45C9-AFB4-B27EA6FEB127}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5785845C-0646-44F4-BBE6-799D8A0F7727}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{61CE6370-395D-443A-99F3-6B5777F2A036}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6DC327C8-1299-41D9-B849-9133E7443AAA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{704F3941-FCCD-4FB4-8D27-20C28B056B3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{717CBB6F-A4E0-48D3-BA39-53F1B833771B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{72B83110-2828-480E-BDDA-3B94ED3258E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{72FF2703-60E1-41AD-BF4C-14D24B0F35FA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{73D44748-D2AA-438A-8A87-DD1871106E02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{76D8BDED-307A-45AE-8F1A-90F7DEFF2778}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7DC4FE22-8075-4439-A869-31A46C548A1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{805EC9C9-1B8B-4F36-9535-37C8A20714F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8B65B85A-6300-49C1-89E7-8318AB92B2D0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8B87277A-A424-47E8-89C2-E53E68436551}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{939B57A5-FBE3-4A71-BD3B-739C31B0FE9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{9983AE7F-6EBE-4016-AC27-9E24559E8ECD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9C3D4F07-AFDB-46F1-9B95-E48505A47CF4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A01C83CB-266A-4749-89D9-CC9A087D2C83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A0F40E12-4817-4E9C-9BE2-940BCA092CB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A16A7C67-C6C8-42D1-9CB9-DA08B40D3E2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2E83690-E1DA-4CBC-A373-D9383CD62757}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A32F75F3-A67E-46A2-B70C-AE394BFD4B18}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A52EC4CD-0A06-41FB-A9D6-8939FCA9220C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A65E9548-93B9-4B8B-82AA-D3AD5F25E0E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A7F8AE94-F8BF-45DC-AF94-BC031889E084}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{AB203302-07F1-48C3-9F30-FCDE7DC56236}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{AF120394-9A7A-4432-BB35-BB6A3CE2FE68}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{B1B51401-4390-4981-AE8C-343A93462F7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B5768B67-6831-4094-8806-094A092FB3A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B733CEA2-C953-4DB7-9CEC-33BA91B38645}" = protocol=6 | dir=out | app=system | 
"{B79A694A-8A84-44C9-9751-FCF6C525E605}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BA713261-B124-4605-9632-20DE07517A80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF39CDC4-9FCB-4C15-B489-1960A2C78833}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C40FFFE5-3183-4BEB-BF8B-CD5589E4982D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C66FAB51-B69F-4FF6-AFAC-51F08D2E2921}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C680C398-3244-4C3A-81AC-9ED29424F0FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CFBB2FA6-3C57-409F-9C55-60FEA9853D4A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D1824EAC-0E9A-4084-A43F-ED90A8F9C4B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1EC57BF-23E3-47BC-9E9B-4FCA31EC061C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{DBF89169-3ECF-4688-BC09-BEB01C6E6107}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E01171B4-576A-4205-A4EC-7A5CDA469EF8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E7119B0B-CF47-4085-B9A3-DC826EBD10BF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{EA19B270-5447-4CD4-9C99-A77DF7EAC890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FAA82B90-BFB5-4940-827A-EA0416A20BB1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{FB035C54-139A-437D-B789-DAE5136AEEEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD4F0CD4-CAA6-479B-B48C-DBF3C90BA635}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{FFABC83D-162D-4B05-8DD1-7370071C2454}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{19F9942B-B259-4EBA-ACA9-489F151C4E82}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{1E2F7093-FF44-4362-B4AF-93A7D030EAC9}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{2250E818-FC8C-4401-B4A3-3D0057DE4F93}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{443AF89B-EE89-4685-94FF-5C9166E68430}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{482B662C-8CB5-4D2E-91EC-A0E97EFD7CF4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{61316D33-4C05-4E42-9CC1-476332270387}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"TCP Query User{711FF911-61F6-4994-B6FB-B2EAF4321FAC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8100E354-CC22-4D0C-8938-ABC7E9614D4D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{81687D01-309C-4115-AE9F-1D5156D070AF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{B3C337AF-501B-46B9-8B4C-AD5EE668A136}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{BBA9F86D-0B81-47AF-9ED5-3D038971901C}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{C1B0CFCB-284D-468B-B572-EF4B93B96D93}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{C2DCE119-5F24-4A9F-A767-C47019DA6F82}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"TCP Query User{D9FDA144-47A4-49BB-93CF-068BF1AC91AB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{03F439AE-12F1-415A-A442-556230DAF28D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{10D3E8E6-E7EB-4B1F-AB84-383B225E0496}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{256DC0B9-02B1-431F-8105-B4572983A32D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{2C1F0200-0691-403B-9231-1F7F3B5CD7B0}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"UDP Query User{36EBE536-C090-4849-8858-6F0B07A9DA62}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{42322A2F-FD97-4B3F-9F33-833487A20E32}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{64DF6376-DB12-41AA-A57D-F9C6684319F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{78870010-414F-4224-BCDB-E79B7BBB1109}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7F02A13D-5EF4-4ED8-AB75-AC7DC776B792}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{9E846DEC-1D2C-4F97-95A4-1F3EE4C0AD8D}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{D46323D9-1E38-4759-B0B1-8E77C103F9ED}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D4FC010A-597B-43D3-8248-9393AFC05B49}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{EC67BE5F-875B-41FA-97AF-5454177EDE0B}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"UDP Query User{EDFCB969-A96C-4570-A15C-0301EF94C587}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"PROHYBRIDR" = 2007 Microsoft Office system
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2009 07:16:02 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 09.03.2009 07:20:17 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 07:26:12 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 07:35:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:04:52 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:06:13 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:07:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:08:55 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.03.2009 14:31:21 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 12.03.2009 15:37:38 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
[ Media Center Events ]
Error - 18.04.2008 13:41:55 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 05.08.2010 03:31:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.08.2010 03:33:43 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.32 für die Netzwerkkarte mit der Netzwerkadresse
 0015AF352224 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 05.08.2010 04:06:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 05.08.2010 04:06:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 05.08.2010 04:06:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 05.08.2010 04:10:45 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.08.2010 04:11:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.08.2010 05:01:46 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.08.2010 um 11:00:00 unerwartet heruntergefahren.
 
Error - 05.08.2010 05:01:58 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.08.2010 05:02:36 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---





mfg

Alt 05.08.2010, 12:37   #7
Larusso
/// Selecta Jahrusso
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Schritt 1

Mehrere Anti-Virus-Programme

Code:
ATTFilter
Symantec/norton
Avira
         
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast und deinstalliere die anderen.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."

Schritt 2

Versuch GMER bitte im abgesicherten Modus. Entferne rechts die Hacken bei Sections und EAT/IAT


Bitte poste in Deiner nächsten Antwort
gmer.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.08.2010, 11:48   #8
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



so habe mich für avira entschieden!

hier die gewünschte Gmer.txt


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 12:39:18
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\kwlcqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \FileSystem\fastfat \Fat                                                                         9D03BA7A

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)  
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter                           5776
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help                              5777

---- EOF - GMER 1.0.15 ----
         
--- --- ---



mfg

Alt 06.08.2010, 12:41   #9
Larusso
/// Selecta Jahrusso
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Schritt 1

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.

    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.

  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.


Schritt 2

Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.


Schritt 3

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.08.2010, 15:29   #10
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



hier die gewünschten txts:

ESET OnlineScanner
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=47bc2486a1fb494cb66f5a6dd049cb6b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-06 01:52:54
# local_time=2010-08-06 03:52:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 13977321 13977321 0 0
# compatibility_mode=1797 16775165 100 94 354883 40192261 3066 0
# compatibility_mode=5892 16776573 100 100 8045 118628296 0 0
# compatibility_mode=8192 67108863 100 0 260 260 0 0
# scanned=139144
# found=0
# cleaned=0
# scan_time=7206


SecurityCheck
Zitat:
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 21
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.08.2010 16:13:17 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,43 Gb Total Space | 44,62 Gb Free Space | 49,90% Space Free | Partition Type: NTFS
Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.06 11:18:13 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.08.06 11:18:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
PRC - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.03.26 20:42:38 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 20:39:32 | 000,991,600 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.12.07 19:51:04 | 001,143,152 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010.04.27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipswuio.sys -- (ipswuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.03.26 20:43:00 | 000,039,472 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.03.26 20:42:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.03.26 20:42:44 | 000,108,592 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007.01.23 05:00:59 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 07:48:53 | 000,181,304 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.14 13:42:45 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.06 11:18:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.06 11:50:04 | 000,000,000 | ---D | M]
 
[2009.02.13 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.06 12:43:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions
[2010.05.01 13:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.01 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\youtube2mp3@mondayx.de
[2009.12.23 20:25:53 | 000,002,171 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\bing.xml
[2010.08.05 09:41:46 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\icqplugin.xml
[2010.08.06 11:00:14 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.12.23 20:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.06 11:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.06 11:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.06 11:18:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.06 11:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.06 11:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.06 11:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f1aff52f-7591-11dc-8953-001d60a340fa}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.06 13:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.08.06 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.08.06 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.08.06 11:36:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.08.06 11:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.06 11:00:10 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.06 11:00:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.06 11:00:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.06 11:00:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.06 10:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.08.06 10:38:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.05 13:04:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.08.05 11:31:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.08.05 11:31:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.08.05 11:31:19 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.08.05 11:31:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.08.05 11:31:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.08.05 11:31:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.08.05 11:31:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.08.05 11:31:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.08.05 11:31:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.08.05 11:31:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.08.05 11:31:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.08.05 11:31:03 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.08.05 11:31:03 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.08.05 11:31:02 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.08.05 11:31:02 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.08.05 11:31:02 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.08.05 11:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.08.05 10:20:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.05 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.05 09:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.08.05 09:47:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.05 09:45:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.05 09:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.05 09:44:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.05 09:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.05 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.08.01 17:08:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.01 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
[2010.08.01 16:14:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
[2010.08.01 16:09:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.08.01 16:03:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
[2010.08.01 16:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010.08.01 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\***
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.06 16:12:55 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.06 16:06:37 | 000,869,051 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2010.08.06 14:41:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.06 14:41:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.06 14:06:46 | 003,209,958 | ---- | M] () -- C:\Users\***\Desktop\Se thelo  - Kristine.mp3
[2010.08.06 13:48:18 | 002,672,312 | ---- | M] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2010.08.06 12:47:13 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.06 12:47:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.06 12:47:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.06 12:47:13 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.06 12:47:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.06 12:41:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.08.06 12:41:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.06 12:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.06 12:41:15 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.06 12:40:25 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.06 12:40:25 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.06 11:53:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.06 11:50:07 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.08.06 11:44:03 | 000,372,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.06 10:50:26 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.08.06 10:37:18 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EEC096F7-0D97-41BE-87E6-24872796CCD2}.job
[2010.08.05 12:44:56 | 003,611,617 | ---- | M] () -- C:\Users\***\Desktop\***
[2010.08.05 11:17:41 | 000,074,886 | ---- | M] () -- C:\Users\***\Desktop\22.jpg
[2010.08.05 11:15:50 | 000,099,374 | ---- | M] () -- C:\Users\***\Desktop\11.jpg
[2010.08.05 10:18:54 | 000,000,740 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.05 10:18:54 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.05 09:46:13 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 09:43:06 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.08.05 09:38:39 | 000,410,784 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.08.01 17:20:00 | 000,093,943 | ---- | M] () -- C:\Users\***\Desktop\c.jpg
[2010.08.01 17:19:27 | 000,094,891 | ---- | M] () -- C:\Users\***\Desktop\a.jpg
[2010.08.01 17:18:20 | 000,079,217 | ---- | M] () -- C:\Users\***\Desktop\b.jpg
[2010.08.01 17:08:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.01 16:55:59 | 000,030,720 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.01 16:02:48 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2010.08.06 16:06:28 | 000,869,051 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2010.08.06 14:06:33 | 003,209,958 | ---- | C] () -- C:\Users\***\Desktop\***
[2010.08.06 13:48:03 | 002,672,312 | ---- | C] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2010.08.06 12:41:15 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.05 12:44:34 | 003,611,617 | ---- | C] () -- C:\Users\***\Desktop\***
[2010.08.05 11:31:06 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.08.05 11:31:05 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.08.05 11:31:05 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.08.05 11:17:40 | 000,074,886 | ---- | C] () -- C:\Users\***\Desktop\22.jpg
[2010.08.05 11:15:49 | 000,099,374 | ---- | C] () -- C:\Users\***\Desktop\11.jpg
[2010.08.05 10:39:30 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.08.05 10:18:54 | 000,000,740 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.05 10:18:54 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.05 09:46:13 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 09:43:05 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.08.05 09:38:19 | 000,410,784 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.08.01 17:19:59 | 000,093,943 | ---- | C] () -- C:\Users\***\Desktop\c.jpg
[2010.08.01 17:19:27 | 000,094,891 | ---- | C] () -- C:\Users\***\Desktop\a.jpg
[2010.08.01 17:18:19 | 000,079,217 | ---- | C] () -- C:\Users\***\Desktop\b.jpg
[2010.08.01 16:02:48 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.03.08 21:00:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.16 16:27:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.03.04 15:49:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.03.04 15:48:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.06 19:52:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.05 21:06:54 | 000,000,231 | ---- | C] () -- C:\Windows\pwcsu.INI
[2007.12.25 10:20:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.06 13:36:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.06 06:49:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.03.06 05:34:09 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
< End of report >
         
--- --- ---



EXTRAS.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.08.2010 16:13:17 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,43 Gb Total Space | 44,62 Gb Free Space | 49,90% Space Free | Partition Type: NTFS
Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DDFDFD-5AE5-494F-B9BE-08801EC52E15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{14B1D9C9-D5F0-4282-8630-3AF445279938}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{182A04F9-AA02-4A4D-91AD-97794CB0503F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{194A6510-70E5-423E-805E-A86D58A89075}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1A574C7B-3CC2-481B-8EC4-988C2EA73109}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C502FC8-6279-4D2E-8A45-BC3F8FADDEEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{22ED9560-403C-422A-803D-A0EF2AAF366A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2902DBD1-C9D7-4F58-BCF1-CCA5CD867698}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2C30CDB0-D580-4BC3-881B-273138D324C4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2C94E36D-189A-42C8-A3E7-0A9FD136CDA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2CB7A6CB-42C4-4347-916E-E596F8D6B0AE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{32BBB011-A86A-4329-B3EA-8DF81ADBD227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3B8E7A41-0524-46A4-B08A-83C3FE954025}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3BEEDD3C-8F12-4C9C-BC1C-F2B3AF197196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4189BF6C-4190-4290-B283-42029A4B5066}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4258B5E2-E2D5-4ACD-ACAF-67ED42DA81CA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{44BDCA5B-CF70-43CD-A1A0-CF4240AEDF9C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46872824-70C3-4FFD-A74F-D52105AB41CF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{493623DC-A8BE-441B-9EE7-117BCEC11574}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{570DF674-C797-4A47-B084-E4A38CF7BA08}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D491FD8-67FE-4A5A-8A2C-82EA39C71441}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6796F886-E1A4-4C0B-9B70-F6B65024A4B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B6A4666-A3B9-4DED-A0C7-068A79DC097D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6DED261F-4B88-4680-AC67-5A3E8D7F903F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{73620316-CA3D-442A-A125-56CD0B9493DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7FC1C4C6-773B-4283-9E96-3DADFA677AAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{81B3CA2F-DFB2-4846-94E4-9D5BA3B1F239}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8DB3F93F-98F9-4BCB-9731-B12E9710AE69}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8EFADE63-A748-4CA4-BC2A-E557C6C15A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{92872FCA-C049-4F2B-8FE5-AF4789BC3714}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{93D8BF9F-728F-45F9-BBC0-462CF56DADC0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9E53FD0E-35D0-439D-9CC3-9262EEC9BDC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A0631FBD-6752-4C6E-9D5F-FCA2192AA6EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A0C95452-7440-461A-A537-A1E471B86F39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A1080788-F980-4024-919A-3B94BB4F832C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A208B510-BFEC-421C-80CE-F1A632BDAE32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A5CE0F80-6F4F-4581-AD59-45C498F93182}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AD271C0D-7A46-49FD-B65E-35FF1FF3DB29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B42E8ADA-034B-4438-93CC-BAE879AC3F1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4960A27-E470-4C6D-B16E-DA4FE052860A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4CC46D3-B5B6-49F2-BF79-0482808AF062}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B6FCC415-875D-4346-A460-4F93AB515860}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BAB7ABF2-AD41-4609-A3BB-8BE71C877AD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BC50D0A5-1FFD-4A4E-ADA4-26EA4877F952}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BD1D5428-E512-4866-BB91-6E48AD9FB581}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BD75D67C-E48D-4556-A4B0-F6AA636AB49A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BFE0B685-2DE8-4311-97F9-8F081E981B18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BFF09C02-BB36-4F63-A950-824CAE1C58C0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C20E1B56-FE3E-4033-B094-03EFFFA6998B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C4C6BC2D-C2BA-4B36-B834-BE4EA302B5A3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C4E2251E-A5D8-410E-BD50-21AE5F02A7DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C59F8E40-6432-4642-B559-2C73E33F50F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CEC79824-5B11-4C30-9792-420787BDEA1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D2F6A825-04DD-46B2-A418-0A2FF45D5CF7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D64CFBD9-5AB9-48CA-AB92-A1D95DC4CDD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D865FC0C-4932-4643-B71D-1E699508F908}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9E74C1A-2E70-41E7-930C-C057B76B2D42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA84A3A8-42DB-49F0-81FD-8117D942ABC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DE7C8110-1EBE-43D6-9D75-D602ED30AE1C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DEEDE401-8938-40C2-9335-8420A665D925}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E491628B-523F-4223-95F2-0071E8392B48}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE9B1426-C40E-48DD-941B-A4E87627F06C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F1782734-D86F-422B-9AA2-91EC4FA59ECA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA4812A4-6D14-4D0B-9E92-55A509EE1B5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051358FA-9D9E-46FB-9536-4B09D293D3F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{09BED4DB-AB5B-4E8F-A91F-5978F02D39EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FD666DA-8CFA-4A57-99B9-39FC268472D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{14705897-C097-49DA-9E3D-814EA7B71A8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{208E3276-87E2-431D-B3C9-086013E0FEB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{22DF2A99-1BA0-47B9-8D3A-DAA948AEF7C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{230F1C4E-6A18-4F1E-BF54-BE1AA88E8F14}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{28B34F1F-4EE8-431A-AE77-09511DC1C987}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2BA71F5D-96A0-4552-B18A-47B9D986C499}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{325C944B-D94E-4AA1-9BBC-6493A37DDCE5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3CFFF59F-3DAE-4065-B327-BFF0FF3CC1B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3D9CA623-E41A-4286-B82C-B0EAC8DFB334}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3DD24A5B-7AD2-488A-A5D0-70F20919D745}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3FD1D06A-F5EC-4C01-934E-645B2AFDAC7B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{45E4A016-9175-40B2-9380-393F8E05E189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4612C640-9845-49A5-873E-C68C5B7FF019}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{48C6B18B-0281-4487-BE9B-26BA2BEF0E54}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{497BD23A-B780-4F8E-9CFB-CF128A1DAA6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4ADF48C8-644E-468D-B934-5915AE753A57}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4B0E48C7-23B2-45C9-AFB4-B27EA6FEB127}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5785845C-0646-44F4-BBE6-799D8A0F7727}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{61CE6370-395D-443A-99F3-6B5777F2A036}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6DC327C8-1299-41D9-B849-9133E7443AAA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{704F3941-FCCD-4FB4-8D27-20C28B056B3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{717CBB6F-A4E0-48D3-BA39-53F1B833771B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{72B83110-2828-480E-BDDA-3B94ED3258E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{72FF2703-60E1-41AD-BF4C-14D24B0F35FA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{73D44748-D2AA-438A-8A87-DD1871106E02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{76D8BDED-307A-45AE-8F1A-90F7DEFF2778}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7DC4FE22-8075-4439-A869-31A46C548A1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{805EC9C9-1B8B-4F36-9535-37C8A20714F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8B65B85A-6300-49C1-89E7-8318AB92B2D0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8B87277A-A424-47E8-89C2-E53E68436551}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{939B57A5-FBE3-4A71-BD3B-739C31B0FE9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{9983AE7F-6EBE-4016-AC27-9E24559E8ECD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9C3D4F07-AFDB-46F1-9B95-E48505A47CF4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A01C83CB-266A-4749-89D9-CC9A087D2C83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A0F40E12-4817-4E9C-9BE2-940BCA092CB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A16A7C67-C6C8-42D1-9CB9-DA08B40D3E2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2E83690-E1DA-4CBC-A373-D9383CD62757}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A32F75F3-A67E-46A2-B70C-AE394BFD4B18}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A52EC4CD-0A06-41FB-A9D6-8939FCA9220C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A65E9548-93B9-4B8B-82AA-D3AD5F25E0E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A7F8AE94-F8BF-45DC-AF94-BC031889E084}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{AB203302-07F1-48C3-9F30-FCDE7DC56236}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{AF120394-9A7A-4432-BB35-BB6A3CE2FE68}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{B1B51401-4390-4981-AE8C-343A93462F7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B5768B67-6831-4094-8806-094A092FB3A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B733CEA2-C953-4DB7-9CEC-33BA91B38645}" = protocol=6 | dir=out | app=system | 
"{B79A694A-8A84-44C9-9751-FCF6C525E605}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BA713261-B124-4605-9632-20DE07517A80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF39CDC4-9FCB-4C15-B489-1960A2C78833}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C40FFFE5-3183-4BEB-BF8B-CD5589E4982D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C66FAB51-B69F-4FF6-AFAC-51F08D2E2921}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C680C398-3244-4C3A-81AC-9ED29424F0FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CFBB2FA6-3C57-409F-9C55-60FEA9853D4A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D1824EAC-0E9A-4084-A43F-ED90A8F9C4B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1EC57BF-23E3-47BC-9E9B-4FCA31EC061C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{DBF89169-3ECF-4688-BC09-BEB01C6E6107}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E01171B4-576A-4205-A4EC-7A5CDA469EF8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E7119B0B-CF47-4085-B9A3-DC826EBD10BF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{EA19B270-5447-4CD4-9C99-A77DF7EAC890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FAA82B90-BFB5-4940-827A-EA0416A20BB1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{FB035C54-139A-437D-B789-DAE5136AEEEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD4F0CD4-CAA6-479B-B48C-DBF3C90BA635}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{FFABC83D-162D-4B05-8DD1-7370071C2454}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{19F9942B-B259-4EBA-ACA9-489F151C4E82}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{1E2F7093-FF44-4362-B4AF-93A7D030EAC9}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{2250E818-FC8C-4401-B4A3-3D0057DE4F93}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{443AF89B-EE89-4685-94FF-5C9166E68430}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{482B662C-8CB5-4D2E-91EC-A0E97EFD7CF4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{61316D33-4C05-4E42-9CC1-476332270387}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"TCP Query User{711FF911-61F6-4994-B6FB-B2EAF4321FAC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8100E354-CC22-4D0C-8938-ABC7E9614D4D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{81687D01-309C-4115-AE9F-1D5156D070AF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{B3C337AF-501B-46B9-8B4C-AD5EE668A136}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{BBA9F86D-0B81-47AF-9ED5-3D038971901C}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{C1B0CFCB-284D-468B-B572-EF4B93B96D93}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{C2DCE119-5F24-4A9F-A767-C47019DA6F82}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"TCP Query User{D9FDA144-47A4-49BB-93CF-068BF1AC91AB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{03F439AE-12F1-415A-A442-556230DAF28D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{10D3E8E6-E7EB-4B1F-AB84-383B225E0496}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{256DC0B9-02B1-431F-8105-B4572983A32D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{2C1F0200-0691-403B-9231-1F7F3B5CD7B0}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"UDP Query User{36EBE536-C090-4849-8858-6F0B07A9DA62}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{42322A2F-FD97-4B3F-9F33-833487A20E32}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{64DF6376-DB12-41AA-A57D-F9C6684319F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{78870010-414F-4224-BCDB-E79B7BBB1109}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7F02A13D-5EF4-4ED8-AB75-AC7DC776B792}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{9E846DEC-1D2C-4F97-95A4-1F3EE4C0AD8D}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{D46323D9-1E38-4759-B0B1-8E77C103F9ED}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D4FC010A-597B-43D3-8248-9393AFC05B49}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{EC67BE5F-875B-41FA-97AF-5454177EDE0B}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | 
"UDP Query User{EDFCB969-A96C-4570-A15C-0301EF94C587}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PROHYBRIDR" = 2007 Microsoft Office system
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2009 07:16:02 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 09.03.2009 07:20:17 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 07:26:12 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 07:35:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:04:52 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:06:13 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:07:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.03.2009 09:08:55 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.03.2009 14:31:21 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 12.03.2009 15:37:38 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
[ Media Center Events ]
Error - 18.04.2008 13:41:55 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.08.2010 05:57:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.08.2010 05:57:53 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.08.2010 05:57:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.08.2010 06:43:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.08.2010 09:12:32 | Computer Name = ***-PC | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         
--- --- ---

Alt 06.08.2010, 15:52   #11
Larusso
/// Selecta Jahrusso
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Logfile ist sauber

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter
Als alternative würde ich dir den schlankeren Foxit Reader empfehlen

Flashplayer bitte ebenfalls updaten.


Schritt 2

Systemwiederherstellungpunkte leeren

Windows +E Taste drücken --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen.


Schritt 3

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 4

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 5

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 6

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 08.08.2010, 11:05   #12
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Hi

danke erst einmal ich denke du hast mir wirklich gehoflen. Soweit habe ich auch alle schritte durchgeführt...

nur was mich leicht verwirrt was ist nun mit dem..





sind die Viren immer noch auf meinem laptop?

Alt 08.08.2010, 13:20   #13
Larusso
/// Selecta Jahrusso
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Ja mit so screenshots kann man höllisch viel anfangen. Lass Avira mal Scannen und poste die Log
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 12.08.2010, 11:34   #14
kosova
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



so hier die txt:

Zitat:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Donnerstag, 12. August 2010 09:45

Es wird nach 2708713 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : ***-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 22.04.2010 19:36:22
AVSCAN.DLL : 10.0.3.0 56168 Bytes 22.04.2010 19:36:22
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 16:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 09:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 07:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 17:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 15:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 14:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 09:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 07:36:05
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 07:25:57
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 16:31:13
VBASE008.VDF : 7.10.9.166 2048 Bytes 23.07.2010 16:31:15
VBASE009.VDF : 7.10.9.167 2048 Bytes 23.07.2010 16:31:15
VBASE010.VDF : 7.10.9.168 2048 Bytes 23.07.2010 16:31:16
VBASE011.VDF : 7.10.9.169 2048 Bytes 23.07.2010 16:31:16
VBASE012.VDF : 7.10.9.170 2048 Bytes 23.07.2010 16:31:16
VBASE013.VDF : 7.10.9.198 157696 Bytes 26.07.2010 16:31:16
VBASE014.VDF : 7.10.9.255 997888 Bytes 29.07.2010 15:15:12
VBASE015.VDF : 7.10.10.28 139264 Bytes 02.08.2010 07:36:44
VBASE016.VDF : 7.10.10.52 127488 Bytes 03.08.2010 07:36:45
VBASE017.VDF : 7.10.10.84 137728 Bytes 06.08.2010 08:59:45
VBASE018.VDF : 7.10.10.107 176640 Bytes 09.08.2010 07:34:33
VBASE019.VDF : 7.10.10.130 132608 Bytes 10.08.2010 07:34:34
VBASE020.VDF : 7.10.10.131 2048 Bytes 10.08.2010 07:34:34
VBASE021.VDF : 7.10.10.132 2048 Bytes 10.08.2010 07:34:34
VBASE022.VDF : 7.10.10.133 2048 Bytes 10.08.2010 07:34:34
VBASE023.VDF : 7.10.10.134 2048 Bytes 10.08.2010 07:34:34
VBASE024.VDF : 7.10.10.135 2048 Bytes 10.08.2010 07:34:34
VBASE025.VDF : 7.10.10.136 2048 Bytes 10.08.2010 07:34:34
VBASE026.VDF : 7.10.10.137 2048 Bytes 10.08.2010 07:34:34
VBASE027.VDF : 7.10.10.138 2048 Bytes 10.08.2010 07:34:34
VBASE028.VDF : 7.10.10.139 2048 Bytes 10.08.2010 07:34:35
VBASE029.VDF : 7.10.10.140 2048 Bytes 10.08.2010 07:34:35
VBASE030.VDF : 7.10.10.141 2048 Bytes 10.08.2010 07:34:35
VBASE031.VDF : 7.10.10.151 73728 Bytes 11.08.2010 07:34:35
Engineversion : 8.2.4.34
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.08.2010 15:15:19
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 01.08.2010 15:15:19
AESCN.DLL : 8.1.6.1 127347 Bytes 12.05.2010 19:09:11
AESBX.DLL : 8.1.3.1 254324 Bytes 29.04.2010 17:09:28
AERDL.DLL : 8.1.8.2 614772 Bytes 27.07.2010 16:31:32
AEPACK.DLL : 8.2.3.5 471412 Bytes 08.08.2010 06:21:02
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 27.07.2010 16:31:30
AEHEUR.DLL : 8.1.2.11 2834805 Bytes 08.08.2010 06:21:01
AEHELP.DLL : 8.1.13.2 242039 Bytes 27.07.2010 16:31:26
AEGEN.DLL : 8.1.3.19 393587 Bytes 08.08.2010 06:20:59
AEEMU.DLL : 8.1.2.0 393588 Bytes 29.04.2010 17:09:26
AECORE.DLL : 8.1.16.2 192887 Bytes 27.07.2010 16:31:25
AEBB.DLL : 8.1.1.0 53618 Bytes 29.04.2010 17:09:24
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 09:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 09:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 14:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 22.04.2010 19:36:22
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 22.04.2010 19:36:22
AVARKT.DLL : 10.0.0.14 227176 Bytes 22.04.2010 19:36:22
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 07:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 10:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 13:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 12:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 11:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 22.04.2010 19:36:22

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +JOKE,+PFS,

Beginn des Suchlaufs: Donnerstag, 12. August 2010 09:45

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\windows\ablksr\ablksr.exe
c:\Windows\ABLKSR\ABLKSR.exe
[HINWEIS] Der Prozess ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'DllHost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'MultiFrame.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'InCD.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACEngSvr.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACMON.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'BatteryLife.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hcontrol.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Net4Switch.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALU.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '181' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'spmgr.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'InCDsrv.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '166' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '488' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <VistaOS>
Beginne mit der Suche in 'D:\' <DATA>


Ende des Suchlaufs: Donnerstag, 12. August 2010 12:16
Benötigte Zeit: 2:30:59 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26279 Verzeichnisse wurden überprüft
355096 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
355096 Dateien ohne Befall
3124 Archive wurden durchsucht
0 Warnungen
0 Hinweise
574325 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

Alt 12.08.2010, 21:01   #15
Larusso
/// Selecta Jahrusso
 
Einige Viren gefunden und ich glaube es werden mehr... - Standard

Einige Viren gefunden und ich glaube es werden mehr...



Noch Probleme?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Einige Viren gefunden und ich glaube es werden mehr...
antivir, antivir guard, avg, avira, bho, browser, defender, desktop, excel, google, helper, highjack this, hijack, hijackthis, internet, internet explorer, logfile, object, plug-in, rundll, security, software, symantec, system, viren, vista, windows




Ähnliche Themen: Einige Viren gefunden und ich glaube es werden mehr...


  1. Win 10: Nach Neuaufseztung (damals Win 8.1) werden direkt Viren/Trojaner via 360 Total Security gefunden.
    Plagegeister aller Art und deren Bekämpfung - 21.11.2015 (12)
  2. AntiVir hat einige Trojaner/Java-Viren/Exploits gefunden...
    Log-Analyse und Auswertung - 01.08.2014 (9)
  3. Werden uralte Viren mit 100% Sicherheit gefunden?
    Diskussionsforum - 08.02.2014 (14)
  4. Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (40)
  5. habe gestern 2 Java Viren gefunden und glaube das sich noch irgendwo was versteckt hat
    Log-Analyse und Auswertung - 09.10.2012 (10)
  6. Hilfe habe einige Viren auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (2)
  7. TR/ATRAPS.gen und einige Viren + Rootkits
    Plagegeister aller Art und deren Bekämpfung - 16.09.2012 (34)
  8. Hostprozess für Windowsdiense funktioniert nicht mehr - Viren gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (9)
  9. Habe glaube ich, mal wieder ein Viren Problem
    Antiviren-, Firewall- und andere Schutzprogramme - 10.05.2010 (14)
  10. Ich glaube mein pc hat viren bitte hilfee
    Log-Analyse und Auswertung - 23.07.2009 (1)
  11. Glaube mehrere Viren zu haben
    Mülltonne - 02.11.2008 (0)
  12. 7 Viren gefunden. Hijack kann nicht heruntergeladen werden.
    Plagegeister aller Art und deren Bekämpfung - 05.09.2008 (6)
  13. Hab einige viren :(
    Plagegeister aller Art und deren Bekämpfung - 17.07.2007 (5)
  14. Einige Viren/Trojaner eingefangen..
    Plagegeister aller Art und deren Bekämpfung - 12.03.2006 (7)
  15. Schon wieder Viren! Ich Glaube Trojaner
    Log-Analyse und Auswertung - 07.12.2005 (2)
  16. Nach einer Weile werden keine neuen Web-Seiten mehr gefunden
    Log-Analyse und Auswertung - 31.01.2005 (3)
  17. Hilfe, einige internetseiten werden auf einmal nicht mehr aufgebaut.
    Alles rund um Windows - 08.11.2004 (11)

Zum Thema Einige Viren gefunden und ich glaube es werden mehr... - highjack this file: HiJackthis Logfile: Code: Alles auswählen Aufklappen ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:14:18, on 01.08.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet - Einige Viren gefunden und ich glaube es werden mehr......
Archiv
Du betrachtest: Einige Viren gefunden und ich glaube es werden mehr... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.