| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ebenfalls "Achtung! Ihr Computer wurde gesperrt!"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.02.2012, 11:04
| #1 |
| |  Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" Hallo, Auch ich habe mir gestern vormittag wohl diesen Virus (s. Überschrift) eingefangen. Beim Surfen im Internet erschien plötzlich diese Meldung. Ich denke, was genau alles da steht muss ich nicht mehr erläutern. Jedenfalls konnte ich nichts mehr am PC machen außer ausschalten. Mit einem anderen Benutzerkonto tritt das Problem jedoch nicht auf, weshalb ich auch überhaupt nur hier posten kann. Ich habe dann eine vollständige Systemprüfung mit Avira durchgeführt und der Scanner auch "3 Viren oder unerwünschte Programme gefunden" und in die Quaräntäne verschoben (letzter Fund: TR/Offend.2.15557). Ich poste unten den Avira-Bericht, aber vorher noch eine Frage: Ich habe mir OTL heruntergeladen und auf den Desktop von diesem - nicht betroffenen - Benutzerkonto ("altedame1892") gezogen. Soll ich von hier den Scan mit OTL durchführen oder soll ich das im betroffenen Benutzerkonto ("Jones") machen im abgesicherten Modus? Oder spielt das keine Rolle? Den Avira-Scan habe ich übrigens auch im nicht betroffenen Benutzerkonto durhgeführt. Vielen Dank schonmal! Ich hoffe, ich habe alles verständlich genug erklärt.. Hier mein Avira-Bericht: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 14. Februar 2012 12:27
Es wird nach 3457462 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : altedame1892
Computername : JONAS-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.883 41963 Bytes 25.01.2012 16:30:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25.10.2011 17:30:10
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 09.12.2011 10:48:24
AVREG.DLL : 12.1.0.27 227536 Bytes 12.12.2011 10:58:56
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:20:14
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 00:05:47
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 00:05:48
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 00:05:48
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 00:05:48
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 00:05:48
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 00:05:48
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 00:05:48
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 00:05:48
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 00:05:48
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 00:05:49
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 00:05:55
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 00:05:58
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 11:43:20
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 11:47:58
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 18:34:13
VBASE018.VDF : 7.11.22.221 2048 Bytes 13.02.2012 18:34:13
VBASE019.VDF : 7.11.22.222 2048 Bytes 13.02.2012 18:34:13
VBASE020.VDF : 7.11.22.223 2048 Bytes 13.02.2012 18:34:14
VBASE021.VDF : 7.11.22.224 2048 Bytes 13.02.2012 18:34:14
VBASE022.VDF : 7.11.22.225 2048 Bytes 13.02.2012 18:34:14
VBASE023.VDF : 7.11.22.226 2048 Bytes 13.02.2012 18:34:14
VBASE024.VDF : 7.11.22.227 2048 Bytes 13.02.2012 18:34:14
VBASE025.VDF : 7.11.22.228 2048 Bytes 13.02.2012 18:34:14
VBASE026.VDF : 7.11.22.229 2048 Bytes 13.02.2012 18:34:15
VBASE027.VDF : 7.11.22.230 2048 Bytes 13.02.2012 18:34:15
VBASE028.VDF : 7.11.22.231 2048 Bytes 13.02.2012 18:34:15
VBASE029.VDF : 7.11.22.232 2048 Bytes 13.02.2012 18:34:15
VBASE030.VDF : 7.11.22.233 2048 Bytes 13.02.2012 18:34:15
VBASE031.VDF : 7.11.22.248 88064 Bytes 13.02.2012 18:34:21
Engineversion : 8.2.10.2
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 17:30:02
AESCRIPT.DLL : 8.1.4.5 442745 Bytes 11.02.2012 11:50:05
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 18:45:38
AESBX.DLL : 8.2.4.5 434549 Bytes 01.12.2011 19:38:27
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.3 799094 Bytes 11.02.2012 11:50:02
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 31.12.2011 12:10:20
AEHEUR.DLL : 8.1.3.27 4391285 Bytes 11.02.2012 11:49:49
AEHELP.DLL : 8.1.19.0 254327 Bytes 19.01.2012 18:42:55
AEGEN.DLL : 8.1.5.21 409971 Bytes 04.02.2012 00:06:01
AEEXP.DLL : 8.1.0.20 70004 Bytes 13.02.2012 18:34:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.4 201079 Bytes 13.02.2012 18:34:25
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 09.12.2011 10:45:00
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 14. Februar 2012 12:27
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'logon.scr' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2361' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <BOOT>
C:\Users\Jones\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-23c4b3ff
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.CG.1
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353
C:\Users\Jones\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-199c49c8
[FUND] Ist das Trojanische Pferd TR/Offend.2.15557
Beginne mit der Suche in 'D:\' <RECOVER>
Beginne mit der Desinfektion:
C:\Users\Jones\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-199c49c8
[FUND] Ist das Trojanische Pferd TR/Offend.2.15557
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b12a16.qua' verschoben!
C:\Users\Jones\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-23c4b3ff
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '512605ac.qua' verschoben!
Ende des Suchlaufs: Dienstag, 14. Februar 2012 17:22
Benötigte Zeit: 1:48:24 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
37121 Verzeichnisse wurden überprüft
950303 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
950300 Dateien ohne Befall
9951 Archive wurden durchsucht
0 Warnungen
2 Hinweise
707704 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
15.02.2012, 11:06
| #2 |
| /// Malware-holic   | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" hi,
__________________neustart, f8 drücken abgesicherter modus mit netzwerk wählen im betroffenen konto anmelden. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
15.02.2012, 11:56
| #3 |
| | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" Wow, vielen Dank für die superschnelle Bearbeitung!
__________________Hier die Logfiles: Code:
ATTFilter OTL logfile created on: 15.02.2012 11:30:30 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jones\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,16% Memory free 6,19 Gb Paging File | 5,85 Gb Available in Paging File | 94,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,15 Gb Total Space | 365,75 Gb Free Space | 63,48% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32 Computer Name: JONAS-PC | User Name: Jones | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.14 18:26:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PLFlash DeviceIoControl Service) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.05.02 18:31:55 | 000,390,952 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.01.04 22:05:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.05.07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.12.09 11:48:12 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.10.22 02:00:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.16 19:38:41 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.05.12 15:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUsb.sys -- (FlashUSB) DRV - [2008.11.19 16:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.19 16:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.19 16:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.02.20 20:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL) DRV - [2008.02.06 16:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.07.16 22:55:08 | 000,021,024 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xpad.sys -- (XPAD) DRV - [2007.06.25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex) DRV - [2007.06.25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm) DRV - [2007.06.25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) DRV - [2007.06.25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) DRV - [2007.06.25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) DRV - [2007.06.25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl) DRV - [2007.06.25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=fb79984c-443d-11e1-87f2-bc0543075608 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=fb79984c-443d-11e1-87f2-bc0543075608 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jones\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jones\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Jones\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.12 21:15:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.12 21:15:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 3\components [2012.01.08 22:33:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 3\plugins [2012.01.21 15:41:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008.09.29 12:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Extensions [2012.02.13 12:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions [2010.04.27 14:00:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.21 15:41:44 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a} [2012.01.08 19:22:14 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.05.23 19:07:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.24 00:21:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.07 16:30:52 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\engine@conduit.com [2011.08.20 14:44:51 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\firefox@tvunetworks.com [2010.09.10 20:04:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\dbx3kj32.default\extensions\vshare@toolbar [2009.10.10 15:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.12.29 16:19:01 | 000,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png [2008.12.29 16:19:01 | 000,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src O1 HOSTS File: ([2008.12.03 15:51:12 | 000,000,799 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: ::1 localhost O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\Jones\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\StartSearch plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\StartSearch plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [vasja] C:\Users\Jones\AppData\Local\Temp\0.6480047217820015.exe (Mach5 Software) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Jones\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jones\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BD1E975-A8D9-4EFD-B7F0-C55D2FDE1C21}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E4FE52-E3F2-495A-A818-D9E9DEBE3532}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - No CLSID value found. O24 - Desktop WallPaper: C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{58ace2d8-19ce-11e1-855a-00218569804d}\Shell - "" = AutoRun O33 - MountPoints2\{58ace2d8-19ce-11e1-855a-00218569804d}\Shell\AutoRun\command - "" = E:\pushinst.exe O33 - MountPoints2\{9c66413b-efcb-11de-af9e-00218569804d}\Shell - "" = AutoRun O33 - MountPoints2\{9c66413b-efcb-11de-af9e-00218569804d}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: icacuota - (C:\Windows\system32\bootPING.dll) - File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Jones^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^3113068.lnk - C:\Users\Jones\AppData\Local\Temp\mvNat.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found MsConfig - StartUpReg: cacaoweb - hkey= - key= - File not found MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Livestream Procaster - hkey= - key= - File not found MsConfig - StartUpReg: MRT - hkey= - key= - File not found MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found MsConfig - StartUpReg: NortonAntiBot - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - File not found MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( ) MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found MsConfig - StartUpReg: VeohPlugin - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.14 18:47:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe [2012.01.23 12:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.23 12:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.23 12:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.21 15:41:41 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\VshareComplete [2012.01.21 15:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\VshareComplete [2012.01.21 15:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\StartSearch plugin ========== Files - Modified Within 30 Days ========== [2012.02.15 11:25:53 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.15 11:25:53 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.15 11:25:53 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.15 11:25:53 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.15 11:21:41 | 000,002,032 | ---- | M] () -- C:\Users\Jones\AppData\Local\d3d9caps.dat [2012.02.15 11:20:43 | 002,302,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.15 11:20:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.15 11:16:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 11:16:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 10:43:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2012.02.15 10:42:44 | 000,252,025 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.02.15 10:42:44 | 000,252,025 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.02.15 10:42:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.14 19:32:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.14 18:26:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe [2012.02.14 12:19:42 | 000,168,448 | ---- | M] () -- C:\Users\Jones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.14 12:04:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.01.23 12:44:13 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012.01.23 12:44:13 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.28 15:38:48 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2010.11.01 18:27:00 | 008,676,883 | ---- | C] () -- C:\Windows\System32\NCMedia2.dll [2010.09.27 17:27:42 | 000,252,025 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.09.27 17:27:42 | 000,252,025 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.09.18 16:01:43 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini [2010.07.14 09:33:30 | 000,000,183 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.04.28 22:21:17 | 000,000,000 | ---- | C] () -- C:\Windows\iSnooker.INI [2010.02.25 14:58:50 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.02.25 14:58:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.01.14 16:06:11 | 000,000,600 | ---- | C] () -- C:\Users\Jones\AppData\Local\PUTTY.RND [2010.01.12 22:14:06 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.01.12 22:13:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.12.28 00:31:38 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2009.12.28 00:31:38 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2009.12.24 15:04:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2009.12.24 15:04:28 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2009.10.19 22:39:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.19 22:39:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.01.25 19:25:26 | 000,024,206 | ---- | C] () -- C:\Users\Jones\AppData\Roaming\UserTile.png [2008.12.13 11:47:40 | 000,002,032 | ---- | C] () -- C:\Users\Jones\AppData\Local\d3d9caps.dat [2008.09.29 18:07:53 | 000,000,402 | ---- | C] () -- C:\Users\Jones\AppData\Roaming\wklnhst.dat [2008.09.29 13:43:22 | 000,168,448 | ---- | C] () -- C:\Users\Jones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.08 14:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.08.04 14:16:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.04 11:08:00 | 000,000,028 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008.01.21 08:15:58 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.05.23 20:23:24 | 000,002,560 | ---- | C] () -- C:\Windows\System32\RegInDll.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 002,302,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.12.14 19:02:58 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Canon [2010.01.15 15:02:27 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\com.adobe.ExMan [2011.07.26 17:56:24 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\DVDVideoSoft [2011.04.25 10:07:16 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.02 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Electronic Arts [2011.09.04 12:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\FileZilla [2010.04.07 22:48:22 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\FreeFLVConverter [2010.11.01 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\HamsterSoft [2010.05.31 12:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\ICQ [2011.08.11 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Iggels [2009.08.24 09:27:18 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Inkscape [2010.01.12 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\KompoZer [2009.10.01 13:44:06 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Leadertech [2010.05.05 01:40:05 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\LG Electronics [2011.01.12 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Local [2010.02.20 20:45:16 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\MAGIX [2008.12.14 18:21:41 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\OpenOffice.org [2009.01.25 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\PeerNetworking [2008.12.07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\PPMate [2009.04.11 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\ppStream [2008.09.29 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Publish Providers [2008.11.08 20:55:44 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Sony [2008.10.01 19:06:02 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Template [2010.01.27 17:09:34 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\TS3Client [2010.09.18 16:17:02 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\uTorrent [2012.01.21 15:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\VshareComplete [2010.08.26 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\XnView [2011.06.07 15:12:38 | 000,000,000 | -H-D | M] -- C:\Users\Jones\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6} [2012.02.15 11:16:27 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.02.16 13:27:13 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2012.02.15 10:43:01 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.02.14 12:25:04 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.10.19 23:08:16 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.09.29 12:42:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.01.09 13:34:31 | 000,000,000 | ---D | M] -- C:\Fraps [2010.01.06 19:25:47 | 000,000,000 | ---D | M] -- C:\GC900 [2010.09.18 16:02:56 | 000,000,000 | ---D | M] -- C:\log [2008.08.04 12:59:13 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.09.27 17:24:46 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.01.23 12:43:39 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.05 14:52:52 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.09.29 12:42:11 | 000,000,000 | -HSD | M] -- C:\Programme [2009.12.23 20:55:33 | 000,000,000 | ---D | M] -- C:\Sounds [2012.02.15 11:10:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.05.21 16:02:29 | 000,000,000 | ---D | M] -- C:\Temp [2012.02.14 12:24:25 | 000,000,000 | R--D | M] -- C:\Users [2012.01.08 23:20:03 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2008.05.07 16:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.05.07 16:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.05.07 16:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys [2008.05.07 16:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.02.15 11:27:26 | 004,718,592 | -HS- | M] () -- C:\Users\Jones\NTUSER.DAT [2012.02.15 11:27:26 | 000,262,144 | -H-- | M] () -- C:\Users\Jones\ntuser.dat.LOG1 [2008.09.29 12:45:11 | 000,000,000 | -H-- | M] () -- C:\Users\Jones\ntuser.dat.LOG2 [2012.02.14 18:34:42 | 000,065,536 | -HS- | M] () -- C:\Users\Jones\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.04.27 14:46:19 | 000,524,288 | -HS- | M] () -- C:\Users\Jones\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.02.14 18:34:42 | 000,524,288 | -HS- | M] () -- C:\Users\Jones\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.09.29 12:45:11 | 000,000,020 | -HS- | M] () -- C:\Users\Jones\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 481 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:888AFB86 < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.02.2012 11:30:30 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jones\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,16% Memory free
6,19 Gb Paging File | 5,85 Gb Available in Paging File | 94,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,15 Gb Total Space | 365,75 Gb Free Space | 63,48% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32
Computer Name: JONAS-PC | User Name: Jones | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD90270-63F2-44DC-A5C0-D517FBA9EA63}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2712F961-077C-4A1F-AA00-F9CC3E068565}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D7A34EB-C153-4141-83CA-9D6033672663}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E29BA36-E6A6-424F-B2F7-8388928FA6D9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64E2F2BC-4E49-45B1-9085-776782E0CCEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{659BEA66-DCE3-47E4-A52F-FF8E99BC2434}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F9B7B4E-4604-4F7A-BDF5-8A4B56EF7B3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7244CC62-A773-45D1-9A1C-AC60B9338DFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{7801F870-19E9-4C9E-B3B5-2219B8F26E33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A9ED29D-E20D-4C60-A653-CBADA8EA73E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A481B996-BAB4-4E91-B234-A5ADB061CF56}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{A7978B73-A3F5-42F0-9083-22AFAC57F24A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B1E633D7-0D8E-4021-A148-FA43EBEDE31D}" = rport=139 | protocol=6 | dir=out | app=system |
"{C1F60A94-A1AE-4C07-A843-247DD8C4206E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C558A3B7-6C0E-4A2A-BEA7-183D3BD426C1}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD11B771-1D94-4F22-9042-80283258C977}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D2996440-1F5A-43B6-A468-E6947ABB0638}" = lport=139 | protocol=6 | dir=in | app=system |
"{D46A23B0-7C68-43BA-B4C7-B877A97A2FC8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{D547D6A5-86D8-46FA-9491-95B1A8FD2954}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E26ADF25-D5C6-4441-AA75-85A78E3A9F43}" = rport=445 | protocol=6 | dir=out | app=system |
"{E6C86DD3-6017-4D34-8F24-FF22534BFE79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E70BD3BE-BA89-4ADE-91EC-33355C386F16}" = rport=138 | protocol=17 | dir=out | app=system |
"{FF12D466-EB7B-409D-9D0E-17E5F7791C41}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02028403-CE26-40E6-8B3E-F8A53B5F7682}" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\temp\mvnat.exe |
"{10546A89-2755-46BA-8D2B-1337FC8F08EF}" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\temp\audiodgt.exe |
"{1A303F31-98A8-406C-A0AA-89F96E264BE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1D4D8BD9-F95D-47AF-BE21-755EE36CD013}" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\temp\taskengc.exe |
"{1DD5241D-AEB8-4C0D-95A3-1163DA93AC51}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F8D8EA6-1FE5-4CAC-BAF6-1901E3F29C6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{44DA55D9-B665-4EEE-9ECD-86B427C135CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4724ABBC-A06E-4E6F-AD70-E3693494CBAE}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{51C788B8-F3F8-4961-A01C-62096F0D6D3C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\counterlee479\counter-strike\hl.exe |
"{57EC5E84-A888-44DB-B724-D214DFA60524}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5C255232-FA27-4263-8E30-9AFE7D7C99B1}" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\temp\systmn.exe |
"{65D95E00-2B48-4B1F-B975-97642EB9EAA2}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6A99DA2B-174A-440B-984B-3E933EEF465D}" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\temp\systmn.exe |
"{6D78C11C-AC19-4FF4-AB6D-752754E58BCB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{704A2A93-3EA4-4DB0-B2F4-86197DFA7F8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{72BBA236-6456-4D28-A895-1E7198AE9EED}" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\temp\mvnat.exe |
"{87E16E26-D07D-4AFD-9FC9-EA4B7958B88B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{905885D8-88A7-4613-B34C-338C79EDA400}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{93BFCA3E-16BC-40E7-B90B-EBC408231734}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{957A5546-7652-40F1-A328-0FAA53373341}" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\temp\taskengc.exe |
"{9FB67A04-65F1-41D6-BF88-5A0BECDDE454}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B135D7CC-5F1F-47FF-91C3-C83B62D63AF9}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BF829672-1E62-43DD-8B38-52B8682D17E7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\counterlee479\counter-strike\hl.exe |
"{C2AD5FEA-EAB0-4FCB-A66B-B54FB66A4EA5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C55CA4BB-CE83-4313-ACC1-A610712C536D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2533741-1F0A-4AFD-BF0F-08ECF4A84775}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{D25C7936-D74A-40EE-8024-42282D46CAF3}" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\temp\audiodgt.exe |
"{DD9DED57-D7D7-416F-8F50-F9048FF14705}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F5207AA1-11AB-456D-8D75-BD28331F8C20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCB4553E-2DAF-48AA-9865-9E309735333F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{0A7BD9CE-BF2F-4E39-9D13-332516B03F9C}C:\program files\ppmate\ppamnet.exe" = protocol=6 | dir=in | app=c:\program files\ppmate\ppamnet.exe |
"TCP Query User{153CD0D1-4ADF-42BF-B6FB-80B0764C7457}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{2AA8FB2B-6E94-476D-9DD2-97C335EC44A0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{37CFDB0B-77C2-4632-A585-A835FD48F514}C:\program files\aspyr\top spin 2\data\top spin 2.exe" = protocol=6 | dir=in | app=c:\program files\aspyr\top spin 2\data\top spin 2.exe |
"TCP Query User{3AE7F174-BDE7-4B52-8296-1DFEB5CAFE70}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4489DFE9-AD1F-43A3-83EC-ACC1A38A6CF1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{44A80846-1F57-4CE9-BF91-7D6BA7B1C305}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{46D1D36A-F0A5-46CF-9A05-E4AD6AE33B71}C:\program files\xbc\xbc_ns.exe" = protocol=6 | dir=in | app=c:\program files\xbc\xbc_ns.exe |
"TCP Query User{4ACDC456-C4A4-41A3-B38F-E277C996ABC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{559B2109-1CC3-4674-BFF9-3A743F5BA575}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{5FD9FB34-030D-4FDA-9F4D-5314F74AE5DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{606D070B-93C7-4774-80E8-EC293A2C7514}C:\users\jones\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jones\downloads\utorrent.exe |
"TCP Query User{76080CE4-3AA0-49A8-B7DC-4555712B909F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7D3D38E1-E0B8-4229-BDD3-E7CFC47B54EE}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{869B0DC9-E60F-4C38-AE1A-10FC7EF63C5C}C:\program files\mozilla firefox 3.1 beta 3\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 3\firefox.exe |
"TCP Query User{8AA46AFA-5EAA-4712-8612-91EBB5F4BA70}C:\program files\mozilla firefox 3.1 beta 3\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 3\plugin-container.exe |
"TCP Query User{8BC73D90-BA34-4A97-8164-6C9733C4A053}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{9661B202-DE5D-4FD5-BACF-8AFFD6B2FB30}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{971C53CB-6539-4A90-B255-140B35892AF5}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B151F0EC-3517-4044-B5BF-E3FAAC6312BA}C:\users\jones\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\jones\appdata\roaming\cacaoweb\cacaoweb.exe |
"TCP Query User{B2FE41E1-FBA6-4685-8FC9-C5AE829298E3}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{C27036E8-27E6-42CA-9946-3F1AD02728D9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{C8E9D5F9-E99C-43F4-AA0A-5B4DDBE7BF69}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{CC269885-FF8D-4DA3-99A5-03B65D6D44F5}C:\program files\mozilla firefox 3.1 beta 3\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 3\firefox.exe |
"TCP Query User{CDC73D67-A37C-4A81-AA03-77D592BC04F8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D4C2AAC2-2006-47D3-9008-78ADA4C6F3A6}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{D978C067-0656-4A98-81F5-FAAD3916030D}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{DC0C228E-76AA-4E3E-8C64-2EA7A963E737}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{E0157C41-3510-4DD8-8761-2B723BDCE402}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E0D2E6A9-AC1C-4521-91EB-C9EC4A20B8E1}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"TCP Query User{E123AA06-B8AC-44B9-82A7-A6D894AB9788}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{ECABECDC-2394-476E-8178-8F6FF7D55336}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{ED5D6E6E-5C6E-44E0-957A-7B1E93C0DF67}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{F8DA9F7A-BB2D-407C-BBBE-2DF6D2B697EE}C:\users\jones\appdata\local\temp\rar$ex00.155\u992.exe" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\temp\rar$ex00.155\u992.exe |
"TCP Query User{FCC990BF-A352-46EF-B8FC-F5AF2EAEED9B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{03014376-0DED-412F-8634-84ACAEEA456F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{0D8BBAA7-01F8-49B4-A3AF-F901CA2437BC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{15B9ABC2-A396-4569-A73B-7ADB7C6DC01E}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{180952AB-BB1E-46BC-8D90-57F24ED271E6}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{209A9399-E0AD-4C54-AA67-13723768ADF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{22358801-0E50-4EDB-BE14-78F84E3B2E1A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{22712C83-B04B-4627-9876-64D25F325594}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2B6DB9C0-42DF-4923-8D0F-B054E286D85A}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{2BE33B3D-A88C-4132-9CA8-413F992829F6}C:\program files\xbc\xbc_ns.exe" = protocol=17 | dir=in | app=c:\program files\xbc\xbc_ns.exe |
"UDP Query User{39D57682-0C0A-4278-9942-D2EC77B42934}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{3A1BB5C7-7D01-41D4-A6E7-912789A686F3}C:\program files\mozilla firefox 3.1 beta 3\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 3\firefox.exe |
"UDP Query User{3C87A1D1-4785-450C-9325-68E6BC71226D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3D541894-BFDB-4714-AB1F-B47D178CC88B}C:\users\jones\appdata\local\temp\rar$ex00.155\u992.exe" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\temp\rar$ex00.155\u992.exe |
"UDP Query User{3DF20804-1D25-4B17-81AC-71FA2C80207F}C:\program files\mozilla firefox 3.1 beta 3\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 3\plugin-container.exe |
"UDP Query User{4BB9B173-538A-4918-B20E-46A136535A49}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{50319B5C-0571-4967-ACE4-B88AD3D6C48E}C:\users\jones\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jones\downloads\utorrent.exe |
"UDP Query User{6D26AE2A-8106-41BB-94A8-E02B85F0F4FD}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"UDP Query User{6FC5E6D1-B639-4398-B028-3D4B691F8948}C:\program files\ppmate\ppamnet.exe" = protocol=17 | dir=in | app=c:\program files\ppmate\ppamnet.exe |
"UDP Query User{78A97FFE-F578-4ED1-91EA-F54915C937EB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{78E8D405-108B-4D1C-B682-E6A65D62AC4F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7A682915-5BBF-4558-96F6-2625625D3348}C:\program files\aspyr\top spin 2\data\top spin 2.exe" = protocol=17 | dir=in | app=c:\program files\aspyr\top spin 2\data\top spin 2.exe |
"UDP Query User{85790B32-B81F-42A1-A378-2A897535BFC7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{90F12FAD-7844-45FF-8F49-0228CDBDB631}C:\users\jones\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\jones\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{9B406EEB-D777-4981-B1DB-E0BCAF50E7BB}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{9F4056B4-702B-4E60-9B39-CBC14386AEA9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{AD4356A3-8003-4287-A81E-8D53C6ABBAC9}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{B2A54732-8B3C-4CAC-A15E-33168ECBD5DF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{BBE5A769-F19C-4E47-8609-2D76AA7F2E65}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{C18E7484-F9C5-4144-8EA7-D969BB964538}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{C322B6E6-7CFB-4D39-9284-D342391ED993}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{C782839E-82E3-4BC0-81F1-F89BE913E2F0}C:\program files\mozilla firefox 3.1 beta 3\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.1 beta 3\firefox.exe |
"UDP Query User{D1E49A1F-AB56-408B-9D59-A522FFC39D79}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{D3DC09D0-3E7B-46D0-B72E-F57A687AA6EC}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{F2F73192-8197-41B9-8979-98F7621FD347}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5f6460bd-391e-43ce-bcf3-130ef02f8cb2}_is1" = VshareComplete
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904FBA88-9E59-423f-B1C7-E03C9B1AA2EE}" = Canon MP800R
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"Easy Text To HTML Converter" = Easy Text To HTML Converter
"FileZilla Client" = FileZilla Client 3.3.5.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.9.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.1.5
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"MAGIX Screenshare D" = MAGIX Screenshare
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"Security Task Manager" = Security Task Manager 1.7h
"SopCast" = SopCast 3.2.9
"Steam App 10" = Counter-Strike
"TigerGame Superjoy Box Series_is1" = TigerGame Superjoy Box Series
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VideoLightBox" = VideoLightBox
"VLC media player" = VLC media player 1.1.10
"vShare plugin" = vShare plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.97.6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.08.2010 18:27:58 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.08.2010 06:15:49 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.08.2010 07:12:46 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.08.2010 06:36:26 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.08.2010 06:11:27 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.08.2010 06:11:15 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.08.2010 05:23:54 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.08.2010 06:34:40 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.08.2010 07:49:11 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung googleearth.exe, Version 5.1.3535.3218, Zeitstempel
0x4bc68e0b, fehlerhaftes Modul googleearth.exe, Version 5.1.3535.3218, Zeitstempel
0x4bc68e0b, Ausnahmecode 0xc0000005, Fehleroffset 0x00004041, Prozess-ID 0xe48,
Anwendungsstartzeit 01cb4126dbbf6542.
Error - 22.08.2010 05:40:14 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 13.03.2011 16:21:31 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14.02.2012 13:10:49 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 14.02.2012 13:33:36 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.02.2012 05:43:59 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.02.2012 06:20:56 | Computer Name = Jonas-PC | Source = DCOM | ID = 10005
Description =
Error - 15.02.2012 06:21:04 | Computer Name = Jonas-PC | Source = DCOM | ID = 10005
Description =
Error - 15.02.2012 06:21:05 | Computer Name = Jonas-PC | Source = DCOM | ID = 10005
Description =
Error - 15.02.2012 06:21:11 | Computer Name = Jonas-PC | Source = DCOM | ID = 10005
Description =
Error - 15.02.2012 06:21:19 | Computer Name = Jonas-PC | Source = DCOM | ID = 10005
Description =
Error - 15.02.2012 06:21:19 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 15.02.2012 06:21:19 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
17.02.2012, 10:46
| #4 |
| | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" Hi, ich will mein Thema nicht pushen (auch wenn ich das hiermit natürlich praktisch mache), aber habe noch eine Frage: Darf/Sollte ich denn meinen Computer momentan überhaupt benutzen, bzw. ins Internet gehen? Das Fenster ploppt ja nur bei dem einen Benutzerkonto auf. Vielen Dank weiterhin und großes Lob an alle Helfer dieser Seite! |
|
17.02.2012, 12:06
| #5 |
| /// Malware-holic | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" hi ich muss zu meiner schande gestehen, ich habs übersehen :-( dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [vasja] C:\Users\Jones\AppData\Local\Temp\0.6480047217820015.exe (Mach5 Software)
:Files
C:\Users\Jones\AppData\Local\Temp\0.6480047217820015.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 16:51
| #6 |
| | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!"Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
File C:\Users\Jones\AppData\Local\Temp\0.6480047217820015.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
User: altedame1892
->Flash cache emptied: 1384 bytes
User: Default
->Flash cache emptied: 41 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Jones
->Flash cache emptied: 77572 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
User: All Users
User: altedame1892
->Temp folder emptied: 219402 bytes
->Temporary Internet Files folder emptied: 631833 bytes
->FireFox cache emptied: 177147514 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jones
->Temp folder emptied: 3698676604 bytes
->Temporary Internet Files folder emptied: 569468556 bytes
->Java cache emptied: 52650715 bytes
->FireFox cache emptied: 328863897 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 399552269 bytes
RecycleBin emptied: 1970782125 bytes
Total Files Cleaned = 6.865,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02172012_162213
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Vorgang erfolgreich abgeschlossen." //Ich habe übrigens heute morgen bereits einen Scan mit Malwarebytes durchgeführt. Er hat 21 Funde angezeigt, die ich gelöscht habe. Seitdem keine Anzeichen mehr von dem Virus.. Kann es sein, dass er weg ist? |
|
17.02.2012, 16:58
| #7 |
| /// Malware-holic | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" ja und wo ist das log? ich kann dir nicht weiter helfen ohne die berichte, also Malwarebytes bitte öffnen, logdateien und den bericht, bzw die berichte posten bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 17:24
| #8 |
| | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" Oh sorry, hier: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.16.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 altedame1892 :: JONAS-PC [Administrator] Schutz: Aktiviert 17.02.2012 11:01:17 mbam-log-2012-02-17 (11-01-17).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 248855 Laufzeit: 8 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 14 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 5 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A3BA40A2-74F0-42BD-F434-00B15A2C8953} (Trojan.BHO) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{A3BA40A2-74F0-42BD-F434-00B15A2C8953} (Trojan.BHO) -> Daten: 7whfiudhf8s7f3oifhif7syfdhsof -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network|UID (Malware.Trace) -> Daten: JONAS-PC_004DCE19 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fb79984c-443d-11e1-87f2-bc0543075608) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Windows\System32\lowsec (Stolen.data) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 7 C:\Program Files\StartSearch plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jones\AppData\Local\Temp\0.6480047217820015.exe (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jones\AppData\Local\Temp\mvNat.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
17.02.2012, 17:30
| #9 |
| /// Malware-holic | Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" bitte mal updaten und nen vollständigen scan machen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Ebenfalls "Achtung! Ihr Computer wurde gesperrt!" |
| .dll, achtung!, avg, avira, computer, desktop, explorer.exe, frage, gesperrt, ihr computer wurde gesperrt, ihr computer wurde gesperrt!, internet, lsass.exe, modul, namen, nt.dll, problem, programme, prozesse, recover, registry, rundll, scan, services.exe, surfen, svchost.exe, verweise, viren, virus, windows, winlogon.exe |
Linear-Darstellung
