| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Defender meldet Win32/Renos.JSWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.10.2009, 13:41
| #1 |
| |  Windows Defender meldet Win32/Renos.JS Hallo, ich benutze derzeit Avast und den Windows Defender, um mich vor ungebetenen Gästen zu schützen. (Vista 64bit system) Nach einem Download gestern Abend habe ich wie gewohnt vor dem ausführen der Datei mein Avast scanen lassen. Alles war ok. Nach einer weile erhielt ich eine Meldung vom Windows Defender: TrojanDownloader:Win32/Renos.JS --Entfernen Sie diese Software unverzüglich.-- Also hab ich auf entfernen geklickt. Heute schalte ich den PC an und erhalte die selbe Meldung. Avast träumt vor sich hin und ich schitz vor Angst. Kann mich jemand anleiten wie ich diesen Trojaner sicher wieder entferne? |
|
22.10.2009, 19:16
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Defender meldet Win32/Renos.JS Hallo und
__________________ Bei 64-Bit-Windows ist das Entfernen von Schädlingen schwierig bis unmöglich, da viele Standardtools, die wir hier zur Bereinigung benötigen, nicht 64 bittigem Windows kompatibel sind. Ich würde erstmal nur vorschlagen, Du postest ein Logfile mit HijackThis und machst einen Durchlauf mit MalwareBytes. Danach kannst Du mal OTL probieren: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
23.10.2009, 15:30
| #3 |
| | Windows Defender meldet Win32/Renos.JS Hab vor deiner Antwort schon MWB ausprobiert. Das tool scheint Renos.js gefunden zu haben und konnte ihn auch entfernen. Aber man weiß ja nie. Hab deshalb deine Anweisung befolgt:
__________________hier der Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:05:19, on 23.10.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Program Files (x86)\buffed\BLASC.exe C:\Program Files (x86)\Orbitdownloader\orbitdm.exe C:\Program Files (x86)\Xfire\xfire.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Orbitdownloader\orbitnet.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\maik\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BLASC] "C:\Program Files (x86)\buffed\BLASC.exe" silent O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://stage.dyyno.com/tng/dyyno-client/DyynoCAB.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{91673E07-F5B1-4E40-871E-DC7547B2B81D}: NameServer = 192.168.178.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{91673E07-F5B1-4E40-871E-DC7547B2B81D}: NameServer = 192.168.178.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{91673E07-F5B1-4E40-871E-DC7547B2B81D}: NameServer = 192.168.178.1 O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing) O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9536 bytes |
|
23.10.2009, 15:33
| #4 |
| | Windows Defender meldet Win32/Renos.JS hier noch OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.10.2009 16:13:27 - Run 2 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\maik\Downloads 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,93% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): c:\pagefile.sys 6200 6200 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 240,08 Gb Free Space | 51,55% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 60,95 Gb Free Space | 26,17% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAIK-PC Current User Name: maik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG) PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe () PRC - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Program Files (x86)\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Users\maik\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () ========== Win32 Services (SafeList) ========== SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (MagicTuneEngine [Auto | Running]) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe () SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006.11.02 15:34:14 | 00,000,000 | ---D | M] SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe () SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (UxTuneUp [Auto | Running]) -- C:\Windows\SysWow64\uxtuneup.dll (TuneUp Software) SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof () SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof () SRV:64bit: - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll () SRV:64bit: - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV:64bit: - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV:64bit: - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV:64bit: - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV:64bit: - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll () SRV:64bit: - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe () SRV:64bit: - (nHancer [Auto | Running]) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering) SRV:64bit: - (O&O Defrag [Auto | Running]) -- C:\Windows\SysNative\oodag.exe () SRV:64bit: - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\Windows\SysNative\TuneUpDefragService.exe () SRV:64bit: - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\Windows\SysNative\TUProgSt.exe () SRV:64bit: - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll () SRV:64bit: - (UxTuneUp [Auto | Running]) -- C:\Windows\SysNative\uxtuneup.dll () SRV:64bit: - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe () SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Asapi [Auto | Stopped]) -- C:\Windows\SysWow64\drivers\asapi.sys (VOB Computersysteme GmbH) DRV - (AsIO [System | Running]) -- C:\Windows\SysWow64\drivers\AsIO.sys () DRV - (CSC [System | Running]) -- C:\Windows\CSC [2008.09.03 06:46:31 | 00,000,000 | ---D | M] DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof () DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof () DRV:64bit: - (AmdLLD64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys () DRV:64bit: - (aswFsBlk [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys () DRV:64bit: - (aswMonFlt [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys () DRV:64bit: - (aswRdr [System | Running]) -- C:\Windows\SysNative\drivers\aswRdr.sys () DRV:64bit: - (aswSP [System | Running]) -- C:\Windows\SysNative\drivers\aswSP.sys () DRV:64bit: - (aswTdi [System | Running]) -- C:\Windows\SysNative\drivers\aswTdi.sys () DRV:64bit: - (AtiPcie [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys () DRV:64bit: - (atksgt [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys () DRV:64bit: - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys () DRV:64bit: - (HdAudAddService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\HdAudio.sys () DRV:64bit: - (lirsgt [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (MTsensor [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys () ========== Modules (SafeList) ========== MOD - C:\Program Files (x86)\Xfire\xfire_toucan_39729.dll (Xfire Inc.) MOD - C:\Users\maik\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWow64\MSVCR71.DLL (Microsoft Corporation) MOD - C:\Windows\SysWow64\WSOCK32.dll (Microsoft Corporation) MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "BLASC - Datenbank" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.0.3 FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.03 00:16:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.10.04 14:41:06 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.10.20 12:42:29 | 00,000,000 | ---D | M] [2008.09.02 22:27:32 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Extensions [2008.09.02 22:27:32 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009.10.23 16:07:27 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions [2009.08.21 09:19:35 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.08.24 14:26:16 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.20 13:09:17 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009.06.30 16:10:17 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\battlefieldheroespatcher@ea.com [2009.05.06 15:25:50 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\chenyanxu8821@163.com [2009.05.06 15:17:23 | 00,000,000 | ---D | M] -- C:\Users\maik\AppData\Roaming\mozilla\Firefox\Profiles\zdjjgmi6.default\extensions\NPDyyno@dyyno.com [2008.09.21 11:09:23 | 00,001,840 | ---- | M] () -- C:\Users\maik\AppData\Roaming\Mozilla\FireFox\Profiles\zdjjgmi6.default\searchplugins\blasc---datenbank.xml [2009.10.23 16:07:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.09.11 23:48:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.04.15 11:15:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2009.10.20 12:42:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.04.15 11:15:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\search@searchsettings.com [2009.09.11 23:48:37 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2009.09.11 23:48:37 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2009.04.15 22:24:54 | 01,044,480 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2009.10.20 12:42:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009.04.15 22:24:36 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009.04.15 22:24:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008.06.27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009.09.11 23:48:37 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2003.07.14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2009.02.27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009.04.15 22:24:54 | 00,200,704 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009.08.18 19:00:05 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.08.18 19:00:05 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2009.08.18 19:00:05 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2009.08.18 19:00:05 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2009.09.11 23:48:37 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2009.08.18 19:00:05 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml [2009.04.18 22:25:38 | 00,000,815 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (736 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL () O4:64bit: - HKLM..\Run: [OODefragTray] C:\Windows\SysNative\oodtray.exe () O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe File not found O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [BLASC] C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG) O4 - HKCU..\Run: [nHancer] C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme (x86)\Microsoft Office\OFFICE11\EXCEL.EXE File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://stage.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL File not found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL File not found O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll () O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (OODBS) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [1 C:\Windows\*.tmp files] [2009.10.21 23:31:26 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357} [2009.10.07 01:15:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe [2009.10.22 16:22:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.10.20 16:25:30 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP [2009.10.21 23:31:44 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2009.10.17 18:19:52 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\Dev-Cpp [2009.10.22 16:22:58 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\Malwarebytes [2009.10.20 12:49:30 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\OpenOffice.org [2009.10.21 23:32:09 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Roaming\TuneUp Software [2 C:\Users\maik\AppData\Local\*.tmp files] [2009.10.07 01:16:52 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Local\Adobe [2009.10.20 16:15:51 | 00,000,000 | ---D | C] -- C:\Users\maik\AppData\Local\Apps [2 C:\Users\maik\AppData\Local\*.tmp files] [1 C:\Users\maik\Desktop\*.tmp files] [2009.10.07 01:15:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2009.10.07 01:15:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2009.10.20 13:09:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AskBarDis [2009.10.20 22:46:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AusLogics Emergency Recovery [2009.10.20 12:41:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2009.10.20 12:43:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JRE [2009.10.20 13:32:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ontrack [2009.10.20 12:43:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2009.10.21 23:31:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2009 [2009.10.10 12:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\HP [2009.10.22 16:22:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009.10.21 23:32:25 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2009.10.21 23:32:25 | 00,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2009.10.20 23:38:56 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2009.10.20 16:59:50 | 00,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe [2009.10.20 16:27:36 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\Restored Files [2009.10.20 12:42:29 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2009.10.20 12:42:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2009.10.20 12:42:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2009.10.20 12:42:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2009.10.14 21:12:02 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2009.10.14 21:12:01 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2009.10.14 21:12:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2009.10.14 21:12:00 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2009.10.14 21:11:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2009.10.14 21:10:59 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL [2009.10.14 21:10:56 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009.10.14 21:10:53 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll [2009.10.14 21:10:52 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll [2009.10.14 21:10:52 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll [2009.10.14 21:10:52 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009.10.14 21:10:51 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009.10.14 21:10:50 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2009.10.14 21:10:50 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009.10.14 21:10:50 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009.10.14 21:10:50 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2009.10.14 21:10:50 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009.10.14 21:10:49 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2009.10.14 21:10:49 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009.10.14 21:10:49 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2009.10.14 21:10:49 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009.10.14 21:10:49 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009.10.14 21:10:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2009.10.14 21:10:48 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009.10.14 21:10:48 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2009.10.14 21:10:48 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2009.10.14 21:09:30 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009.10.14 21:09:30 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll [2009.10.14 21:09:29 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll [2009.10.14 21:09:24 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll [2009.10.07 01:15:50 | 00,000,000 | ---D | C] -- C:\Config.Msi [2009.10.07 00:55:49 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\ERE [2009.10.06 22:21:03 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\prg [2009.10.03 14:32:21 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2009.10.03 14:32:21 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2009.10.03 14:32:21 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2009.10.03 14:32:13 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2009.10.03 14:32:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2009.09.30 23:52:52 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\EG1 [2009.09.29 18:45:41 | 00,000,000 | ---D | C] -- C:\Users\maik\Desktop\Mathe teil 1 ========== Files - Modified Within 30 Days ========== [1 C:\Windows\*.tmp files] [2 C:\Users\maik\AppData\Local\*.tmp files] [1 C:\Users\maik\Desktop\*.tmp files] [2009.10.23 16:01:43 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F61977E-ED3D-470C-80F2-7C711A595570}.job [2009.10.23 16:00:01 | 00,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2009.10.23 15:56:26 | 00,056,096 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009.10.23 15:56:25 | 00,001,724 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2009.10.23 15:56:23 | 00,056,096 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009.10.23 15:56:12 | 00,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009.10.23 15:56:12 | 00,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009.10.23 15:56:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.10.23 15:56:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.10.23 15:55:58 | 00,556,772 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2009.10.22 20:31:16 | 03,163,287 | -H-- | M] () -- C:\Users\maik\AppData\Local\IconCache.db [2009.10.21 23:32:34 | 00,842,056 | ---- | M] () -- C:\Windows\SysNative\TUProgSt.exe [2009.10.21 23:32:10 | 00,506,696 | ---- | M] () -- C:\Windows\SysNative\TuneUpDefragService.exe [2009.10.21 23:32:03 | 00,001,753 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2009.10.21 23:32:02 | 00,001,669 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk [2009.10.20 18:04:40 | 00,005,393 | ---- | M] () -- C:\Users\maik\Documents\USBRECOVERTEST.DPN [2009.10.20 14:12:14 | 00,097,888 | ---- | M] () -- C:\Users\maik\AppData\Local\GDIPFONTCACHEV1.DAT [2009.10.20 14:10:58 | 00,390,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009.10.20 12:44:16 | 00,001,051 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk [2009.10.20 12:42:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2009.10.20 12:42:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2009.10.20 12:42:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2009.10.20 12:42:09 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2009.10.20 11:13:51 | 01,418,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009.10.20 11:13:51 | 00,615,998 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2009.10.20 11:13:51 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009.10.20 11:13:51 | 00,122,304 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2009.10.20 11:13:51 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009.10.20 11:10:49 | 00,000,413 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk [2009.10.15 01:58:08 | 00,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll [2009.10.15 01:58:06 | 00,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2009.10.08 11:54:06 | 00,022,016 | ---- | M] () -- C:\Users\maik\Documents\Tilla.doc [2009.10.07 01:16:01 | 00,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009.10.02 20:40:19 | 26,575,296 | ---- | M] () -- C:\Windows\SysNative\mrt.exe [2009.10.01 14:54:35 | 00,024,576 | ---- | M] () -- C:\Users\maik\Documents\in einen harung.doc [2009.10.01 10:29:14 | 00,238,960 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe ========== Files - No Company Name ========== [2009.10.22 16:22:53 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2009.10.21 23:33:08 | 00,000,534 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job [2009.10.21 23:32:34 | 00,842,056 | ---- | C] () -- C:\Windows\SysNative\TUProgSt.exe [2009.10.21 23:32:25 | 00,035,144 | ---- | C] () -- C:\Windows\SysNative\uxtuneup.dll [2009.10.21 23:32:25 | 00,020,808 | ---- | C] () -- C:\Windows\SysNative\authuitu.dll [2009.10.21 23:32:10 | 00,506,696 | ---- | C] () -- C:\Windows\SysNative\TuneUpDefragService.exe [2009.10.21 23:32:03 | 00,001,753 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2009.10.21 23:32:02 | 00,001,669 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk [2009.10.20 18:14:29 | 00,338,944 | ---- | C] () -- C:\Users\maik\Documents\Examensarbeit Rinser Finale final draft kkkkkkk.doc [2009.10.20 18:04:40 | 00,005,393 | ---- | C] () -- C:\Users\maik\Documents\USBRECOVERTEST.DPN [2009.10.20 12:44:16 | 00,001,051 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk [2009.10.20 11:10:50 | 00,006,772 | ---- | C] () -- C:\Windows\SysWow64\int13ext.vxd [2009.10.20 11:10:49 | 00,000,413 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk [2009.10.15 01:58:08 | 00,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2009.10.15 01:58:06 | 00,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2009.10.14 21:12:13 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe [2009.10.14 21:12:02 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll [2009.10.14 21:12:02 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax [2009.10.14 21:12:00 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll [2009.10.14 21:12:00 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax [2009.10.14 21:12:00 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax [2009.10.14 21:10:59 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL [2009.10.14 21:10:55 | 09,236,992 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2009.10.14 21:10:54 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2009.10.14 21:10:52 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2009.10.14 21:10:52 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2009.10.14 21:10:51 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2009.10.14 21:10:51 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2009.10.14 21:10:51 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2009.10.14 21:10:50 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2009.10.14 21:10:50 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2009.10.14 21:10:49 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2009.10.14 21:10:49 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2009.10.14 21:10:49 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2009.10.14 21:10:49 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2009.10.14 21:10:49 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2009.10.14 21:10:49 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2009.10.14 21:10:48 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2009.10.14 21:10:48 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2009.10.14 21:10:48 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2009.10.14 21:10:48 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2009.10.14 21:10:48 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2009.10.14 21:09:31 | 01,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll [2009.10.14 21:09:31 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll [2009.10.14 21:09:30 | 00,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys [2009.10.14 21:09:30 | 00,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll [2009.10.14 21:09:28 | 00,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll [2009.10.14 21:09:28 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe [2009.10.14 21:09:26 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys [2009.10.14 21:09:24 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll [2009.10.12 16:21:22 | 00,001,724 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2009.10.08 11:19:29 | 00,022,016 | ---- | C] () -- C:\Users\maik\Documents\Tilla.doc [2009.10.07 01:16:01 | 00,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009.10.03 14:32:44 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe [2009.10.03 14:32:44 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll [2009.10.03 14:32:43 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll [2009.10.03 14:32:43 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll [2009.10.03 14:32:21 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll [2009.10.03 14:32:21 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll [2009.10.03 14:32:21 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll [2009.10.03 14:32:13 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll [2009.10.03 14:32:13 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe [2009.10.02 20:10:06 | 00,238,960 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe [2009.10.01 14:54:35 | 00,024,576 | ---- | C] () -- C:\Users\maik\Documents\in einen harung.doc [2009.06.19 21:36:05 | 00,056,096 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.19 21:35:54 | 00,056,096 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.05.08 00:58:23 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.04.21 12:40:24 | 00,004,096 | -H-- | C] () -- C:\Users\maik\AppData\Local\keyfile3.drm [2009.04.06 14:45:25 | 00,000,127 | ---- | C] () -- C:\Windows\Sam8_D.INI [2009.03.06 17:59:25 | 00,076,800 | ---- | C] () -- C:\Windows\SysWow64\BD120.dll [2009.02.18 21:53:54 | 00,194,150 | ---- | C] () -- C:\Users\maik\AppData\Local\dd_depcheckdotnetfx30.txt [2009.02.18 21:53:45 | 00,178,554 | ---- | C] () -- C:\Users\maik\AppData\Local\dd_dotnetfx3install.txt [2009.02.18 21:53:45 | 00,007,320 | ---- | C] () -- C:\Users\maik\AppData\Local\uxeventlog.txt [2009.02.18 21:53:45 | 00,002,850 | ---- | C] () -- C:\Users\maik\AppData\Local\dd_dotnetfx3error.txt [2009.02.13 19:32:39 | 00,000,284 | ---- | C] () -- C:\Windows\ulead32.ini [2008.12.28 14:28:11 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2008.12.28 14:27:51 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2008.12.28 14:25:51 | 00,001,188 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.11.10 00:35:00 | 03,163,287 | -H-- | C] () -- C:\Users\maik\AppData\Local\IconCache.db [2008.10.29 22:49:32 | 00,000,069 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini [2008.10.29 18:09:30 | 00,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI [2008.10.28 17:40:48 | 00,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2008.10.09 20:44:19 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2008.10.07 17:40:30 | 00,000,680 | ---- | C] () -- C:\Users\maik\AppData\Local\d3d9caps.dat [2008.10.07 17:40:26 | 00,000,552 | ---- | C] () -- C:\Users\maik\AppData\Local\d3d8caps.dat [2008.10.07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.09.22 14:13:00 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.09.11 14:46:26 | 00,034,304 | ---- | C] () -- C:\Users\maik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.02 23:05:31 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.09.02 22:38:51 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2008.09.02 22:38:51 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2008.09.02 22:38:49 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2008.09.02 22:38:49 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2008.09.02 21:58:21 | 00,030,564 | ---- | C] () -- C:\Windows\Ascd_log.ini [2008.09.02 21:58:01 | 00,030,312 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.09.02 21:53:33 | 00,097,888 | ---- | C] () -- C:\Users\maik\AppData\Local\GDIPFONTCACHEV1.DAT [2008.09.02 21:53:11 | 00,000,732 | ---- | C] () -- C:\Users\maik\AppData\Local\d3d9caps64.dat [2008.06.05 08:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.01.21 04:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:48:56 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007.12.28 09:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2006.11.02 17:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2006.11.02 17:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2006.11.02 14:34:27 | 00,000,305 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2004.08.06 20:00:42 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\WINREGP.DLL [2004.02.06 13:05:22 | 00,014,848 | ---- | C] () -- C:\Windows\SysWow64\TERNT.DLL [2004.02.06 13:00:04 | 00,015,872 | ---- | C] () -- C:\Windows\SysWow64\TER9X.DLL [2003.12.14 02:03:42 | 01,107,472 | ---- | C] () -- C:\Windows\SysWow64\OWL52.DLL < End of report > und hier das 2te logflie von OTL:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.10.2009 16:13:27 - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\maik\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,93% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): c:\pagefile.sys 6200 6200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 240,08 Gb Free Space | 51,55% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 60,95 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAIK-PC
Current User Name: maik
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-25070272-2197854149-4258674722-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078CD6F7-DB92-4711-ABCF-7BAF2829B917}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07CCDD65-B974-4612-A608-9B3D49711B18}" = lport=138 | protocol=17 | dir=in | app=system |
"{0814462B-845C-46BC-82FA-35CB6B1E05FD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{08D0A995-7B6E-4B73-A059-07BEF13A94C2}" = rport=2178 | protocol=6 | dir=out | app=system |
"{0EFB5352-95DE-4597-9C1A-DEF5976DF347}" = lport=1012 | protocol=6 | dir=in | name=fritz |
"{14C65693-A31C-4D60-AFAD-E9F0559CF522}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18C86CC9-F972-4547-9480-4699FFC5D14F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AED900F-C3C6-4B58-A4DE-75FFCB2A37F9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{229268FC-AA11-46A7-AC02-3F2BF6827B84}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{253B77CC-DFCF-4AFB-8565-576EEFFD11F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{34DB335B-BEA5-46F1-BCF6-EDAEEB275269}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4922778F-8F51-4751-8F5F-89B9E5626279}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{4AE98533-BD28-46FC-8141-C2889B2B738C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5C817B20-3A25-4B7F-8E4C-39D6FF1121E0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{71C014C3-A56B-49BF-942E-F109F2C60CEF}" = rport=137 | protocol=17 | dir=out | app=system |
"{733CDE60-470F-4228-882E-3713B71088C8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7469D4A8-AAC1-4B0B-8DF6-F545A1E5D0D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{76892E27-1041-4257-88F5-530750663E2D}" = lport=2178 | protocol=6 | dir=in | app=system |
"{7B68FC56-3771-4137-A3C6-7BACD203F0A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E444B35-0D06-4AEC-810D-524CCB23C532}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{875114E9-D378-4177-8D3A-185209F69B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9715FAB6-3B03-4E94-A7D4-7B4995DD5AA6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9990E02A-DE60-4AF2-A80F-C3595B89D9DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B4FEA12-FE26-4E58-AA4E-03E3D9E3B3CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{9BFA9A3A-6A57-489D-A48B-8BF9C785F325}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CA7E74F-CB2B-4356-A5A1-B4F00C5E7CA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A637D1FF-1D4A-49B0-95AE-870AC5E93A75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0EC0381-66D8-4717-BAA9-9B47CBEDA727}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{B494E13C-344F-4008-80A8-63DCFD13F33F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5FF77A1-F037-4B1D-8230-EF08954E7F39}" = lport=139 | protocol=6 | dir=in | app=system |
"{B6D03E97-7A4D-4FBC-8280-8817433EEF54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B873B2AF-413A-42D8-A6CA-66B96A78CBFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD2B5265-7E54-4465-9BAB-D75A75590107}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE32F06C-A19E-477B-9CF5-3867FAE56380}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E321F0C7-7A94-4B4C-865F-C9EFE02E00E1}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{F622DE33-587B-4350-B3CB-214325CE28B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0185CFDA-F46E-4560-B171-7293C7B3A0CF}" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\eve online\eve.exe |
"{06D1A7FD-0D79-4F0F-BEC9-3CA171277626}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08B2CE9E-C965-4673-A90E-54460BF1DDE2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0C751B90-1BBA-44E0-9C4B-E6FAF53B8FA2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{0E1AE9BE-1B73-449E-A133-2769D6F98B99}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0E4E7D69-8EC0-4BA9-9A2B-668F0B6E4A49}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{1A417DD8-05AD-41BC-84A8-9A44E7EE9553}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{1ACFF89A-4AEF-4D38-BA36-ED509F0076EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{205A56E1-E726-4BF6-84BC-F30E702D0529}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{20E56B8E-3E6F-4BA0-90A6-08E7F7CB5BC5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22EB9090-1FA9-4D6C-B37D-8713F4F8FD30}" = protocol=6 | dir=out | app=system |
"{29AF9B3D-A88F-43E1-9B4F-7385C52283C4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{2CD8BB2B-DA7D-4EC8-BB98-25A7C9ECBB29}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2FB0BFFF-B8FC-4E2E-B81A-C45ECBD0F0CF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{311410AA-8C2F-4867-B77A-B7FDED4F933A}" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\fear2spdemo\fear2spdemo.exe |
"{360E122D-8C67-4C2B-BCE3-4258BE714D73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39CB4015-A6E1-4A90-8096-0EEF38C40D82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3ACD82E2-8C6F-4BB7-AC08-D2C795A35972}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{42EE4AFB-1F4E-4A4B-BE07-8CAC61018E64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{43F41165-B5E5-4368-A9B8-C32E4C9F9EC1}" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\eve online\eve.exe |
"{46752746-9BE9-41F4-83B5-1231436457F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{4730333E-7C77-46BB-A211-484778227588}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{4AA671F8-8ECC-4659-BE05-7F613AA78528}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{4C5530F3-F379-4F42-B631-3D458ACB3E4C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{50991F6B-75D9-4229-9052-FA605A4F4702}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{530C5E6D-4276-43AE-B481-8A21A6A3135D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{55E1C1C7-91E5-4A75-9B47-3AD00B91E5B3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{56BF813F-980A-40AD-97F2-545171B09411}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5A4E3EE1-B940-4F26-843B-4186E192BA42}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{647EB738-A050-49E1-9A92-08C7423E1FF5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6BBC8367-7E57-4023-9AF8-8788659551E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C276685-A5F2-48CF-8B19-8D1DF81DED0F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C8FCC66-5D46-476E-8ABF-E48D37F1D57E}" = protocol=17 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe |
"{6CCB9F58-7E06-4D20-839F-9563883DEB64}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{72788361-1DAE-4215-91E2-DEFB418F004D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{761609BF-DEA9-4168-ABA4-7C6C038735CE}" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\fear2spdemo\fear2spdemo.exe |
"{795478F9-CA13-48DE-9D8D-08DA14EE5115}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{7A62E962-DBC5-4603-B7EA-1E33BFE37757}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7ECD15F4-7C39-4ECE-B67E-B325B25FA857}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{7F70E0D3-8FC0-4051-AAC6-811ECE3CA95E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8024A299-B578-4B0C-83A1-AD950BFEF320}" = protocol=6 | dir=in | app=c:\users\maik\appdata\local\temp\jdstart.exe |
"{81821A85-8C9C-4E34-8A63-DDA9BCC2FB4A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{83D0EE51-3575-4335-AE37-B4351A0DDE78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86ADDA8B-315C-449A-BB70-A4E4EA5348CC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{899A35F5-9ADD-4412-9741-023F25815306}" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8C495399-F421-4AA6-8A41-9BDC221B0F3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E66AC56-B468-4633-AD59-7EAF1C7D7286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{916B9924-F61E-47BF-B8D5-A439DA722E0D}" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{91BA914C-31FF-437E-9B7E-D2CEC2C0130A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93F73137-22A4-40B5-8A2B-6C55746852F1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{97124022-0244-43FE-9F43-5B870BD94840}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{9903EEED-E76A-4841-93A8-BC144EEA3D85}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{9AF33039-8242-4098-8BA9-09477F0434DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{A03672B1-388D-4B1D-A353-53B7457B0B68}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A23719EE-7B9F-4438-9010-B93C81E7C54F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{A3FB04E3-CBB3-48E7-BB04-2C1FB808F458}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7C2646E-4682-4348-A09B-90FBAB9C2EC9}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{AE338470-72F5-45D4-81DE-F79E3106ACAD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{AE51E383-601F-4972-A822-5C50EA89BBDE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{AE65A23D-E358-4B63-BC1A-567FDE86D54B}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{B0DF3840-8E2C-4E0B-93D4-1E20A69A2C1D}" = protocol=17 | dir=in | app=c:\users\maik\appdata\local\temp\jdstart.exe |
"{B14CB527-FA3C-411D-B278-0D7AA82856C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B46A68AC-4C08-44D9-8896-A70CEE7008EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B51E2C08-1AB1-4440-9226-0161E1B04534}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{B7FBFD67-A1D4-4A0E-AF1E-B2E167AB2136}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe |
"{BE75C4D5-E932-4FF5-8539-49BA17479DBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C48E739B-BF6A-4E91-A1FE-7ABDF8A65878}" = protocol=6 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe |
"{D338553A-677E-463B-BF36-C35A0E637D6C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{D66FAC8C-6392-4D84-AE44-F3006951CF7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF0B59D1-3DAE-4D53-962B-7ABD572740D8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E2F06239-A6AE-4F77-A3FC-BED7FFF19EB6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E945B8D6-4A9A-40B2-9242-FC16536B3085}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe |
"{F713968C-6C89-4242-A00C-9FAA6AD891CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9449F18-0755-4BB3-BC3A-1768E7D5C532}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FBE70713-DC9A-4455-8271-D61E4CB34A88}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"TCP Query User{02B3C261-374D-43B3-BAFD-2B27BBDA6C48}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{0872F309-2457-4CC5-A337-E46F70E11315}C:\users\maik\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{14327AB3-6086-4288-B046-D3DC72A1FC2C}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{1B49253B-9304-4C49-A5CD-A8D98BD78A57}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe |
"TCP Query User{28D06DED-F4B8-41B1-A093-6B800EF8D756}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{292C7F60-F99F-43DE-8680-3F3654C7F28B}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{2A538960-637F-4B3E-A092-785886AF20F9}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{33ED58E8-65A4-4574-85C3-F39DD2D82E85}D:\icq6\icq.exe" = protocol=6 | dir=in | app=d:\icq6\icq.exe |
"TCP Query User{3D51AA46-1D95-4707-A8B0-AB19D655AD3D}D:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe |
"TCP Query User{4C0B0800-517B-4BE0-AED5-2FB386BB74D5}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{5954817D-E331-43A3-9B89-CC39AC15530D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5E46C8B0-7B87-486E-AF7C-4A134B5B8EF8}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{6B39F82D-C71E-41EC-999F-B7971576D5BD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{773B831E-5FD3-45D3-A7FC-855D8959C90B}D:\grid\grid.exe" = protocol=6 | dir=in | app=d:\grid\grid.exe |
"TCP Query User{792C218C-2160-42D2-BB57-5E5072FF6557}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{7BFCA40C-AA02-4D83-974D-69FC2CE6A1EE}D:\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe |
"TCP Query User{81F91D9D-2DBD-457D-8D09-322BC1B0D5AF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8986DDFE-6A3E-4ECE-9EF9-E45BA2F14AFA}D:\spiele neu\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\spiele neu\dead space\dead space.exe |
"TCP Query User{90A14B87-4333-4DEE-B479-4E520DFB4135}C:\program files (x86)\blobby volley\volley.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe |
"TCP Query User{9D4CFCBB-24D0-4176-9661-68E420C84865}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{A92CCA58-385E-4635-8FF8-1E0B74E1285B}D:\valve\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=d:\valve\steam\steamapps\common\eve online\bin\exefile.exe |
"TCP Query User{AB2B1290-FFA3-465E-81B1-3B8B28B2D60F}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe |
"TCP Query User{C82A0238-52FA-4C66-B5FE-006589AACC29}C:\program files (x86)\blobby volley\volley.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe |
"TCP Query User{CC66DC74-0DB7-4838-AC21-784F68BED17B}D:\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe |
"TCP Query User{CEAC968E-3893-40C9-981B-0BA065E92E98}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{CEBED8D6-B85E-4DB5-B032-2B6D77DA6810}D:\spiele neu\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\spiele neu\dead space\dead space.exe |
"TCP Query User{F99A5F78-624B-4316-94AB-F8F6FC643645}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{00C763DB-CE6C-4C05-8B22-098B56562E0A}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{1193D5F1-3483-417A-A0B2-094336A81017}D:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\maikachtermann\counter-strike source\hl2.exe |
"UDP Query User{11EEEA90-7D8A-43AF-A394-D4E98B59A5F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{14392510-C94D-4F97-8B68-8ACABBADB151}D:\icq6\icq.exe" = protocol=17 | dir=in | app=d:\icq6\icq.exe |
"UDP Query User{21C8BB40-042B-405F-AD56-C148EE7B8007}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{5252226A-3DA1-4C64-8610-8A7B11E07467}D:\spiele neu\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\spiele neu\dead space\dead space.exe |
"UDP Query User{5EE8E653-5450-473C-95D5-82A095492B01}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe |
"UDP Query User{86BB66F7-E54A-4A8D-BB1E-9B89FD2D7A60}D:\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe |
"UDP Query User{8AD6CAD4-95C9-4935-B92F-31DE055AAAAD}C:\users\maik\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\maik\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{8CCA2965-D3EA-4722-85E3-1B39856CB84B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{A3545D1D-BBFE-45A8-9454-C496AA208F0A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A500325F-2CEE-4139-8880-7D41D67DE79C}D:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=d:\spiele neu\brothers in arms - hell's highway\binaries\biahh.exe |
"UDP Query User{A8BFA494-E951-46D8-AAA8-914AAE6BED43}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{AFFFBFB6-C74C-497F-A552-19E5EE99CD9D}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{B410A1A2-6390-4904-A2F7-111B901C88AF}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{B44EB0A8-7213-4DFB-A392-049C83CC063B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B7969137-2437-44C6-975E-9C3E1FAB1595}C:\program files (x86)\blobby volley\volley.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe |
"UDP Query User{BC578A8D-3C03-481F-AFD9-754ABDA6AC27}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C22E0AD2-AD66-4A99-AC0F-F9717FD8E86A}D:\grid\grid.exe" = protocol=17 | dir=in | app=d:\grid\grid.exe |
"UDP Query User{C84C474E-2E2A-4BD6-B1EC-DD7EA17C9201}D:\valve\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=d:\valve\steam\steamapps\common\eve online\bin\exefile.exe |
"UDP Query User{CE0457D5-884A-4A53-A1BF-C87A857F98F1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{CE52B838-21DD-4B4B-BD94-855B7FCDB9A4}D:\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe |
"UDP Query User{D13ECD8B-2CCF-4DF2-B627-F46854B34C57}C:\program files (x86)\blobby volley\volley.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blobby volley\volley.exe |
"UDP Query User{D642F73C-8D9C-4DAF-B7C6-AAA068E0CF3D}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{D7CEBA75-67B9-478B-B594-28C051E11FB7}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{F971603F-4E2C-432B-B179-D01E6C923EFC}D:\spiele neu\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\spiele neu\dead space\dead space.exe |
"UDP Query User{FD00121D-9242-4916-A7C7-3D244E421BC6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{087BEB30-5324-4615-A097-51DB44EC5B71}" = O&O Defrag Professional Edition
"{23F383FC-242A-45B8-969E-7FD85FBB764D}" = nHancer
"{43602F34-1AA3-44FB-AEB2-D08C2C737440}" = Paint.NET v3.36
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{de2f2d9c-53e2-40ee-8209-74da63cb060f}" = Python 3.0.1 (64-bit)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01008201-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Enzyklopädie 2002
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3AC3721C-D4A2-42D0-9A25-4E190B4931EF}" = Hercules Crystal based Sound cards
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4D4C7CA5-3912-40A3-94BF-9B8089188A7A}" = FRITZBox Anrufmonitor
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C128CF4-AD6B-42C6-A6E0-DF62406C1D44}" = DOC Regenerator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{685C7EBA-82F4-44F8-9514-911A69850DA3}" = Express Gate
"{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}" = Quake Live Mozilla Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{ECF78678-38CD-4C92-8353-195E92A4BD7C}_is1" = AusLogics Emergency Recovery
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"Addictive Drums Demo" = Addictive Drums Demo
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"BBE Sonic Maximizer Plugin" = BBE Sonic Maximizer Plugin
"BioDrummer v1.2" = BioDrummer v1.2
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner (remove only)
"Cubasis VST 5" = Cubasis VST 5
"CurseClient" = Curse Client
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Disk Investigator" = Disk Investigator 1.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DyynoPlayer" = DyynoPlayer 0.8.6f
"EVEMon" = EVEMon
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Groove Monkee Sample Pack" = Groove Monkee Sample Pack
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GuitarScalesMethod_is1" = GSM 1.1.4.2
"HijackThis" = HijackThis 2.0.2
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magix Samplitude Professional v8.0" = Magix Samplitude Professional v8.0
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master Unit" = Master Unit
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Muon Tau MDrive" = Muon Tau MDrive
"Native Instruments - Rig Kontrol 3 Driver" = Native Instruments - Rig Kontrol 3 Driver
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Shockwave" = Shockwave
"Steam App 500" = Left 4 Dead
"Steam App 8500" = EVE Online
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 0.9.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Documents Recover-Center" = Documents Recover-Center 1.0
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 08.05.2009 16:32:23 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005.
Error - 20.07.2009 13:21:11 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005.
Error - 21.07.2009 19:57:34 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\325898297\Owner.mdb failed, 00000005.
Error - 30.08.2009 18:50:26 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005.
Error - 02.09.2009 18:15:03 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005.
Error - 16.09.2009 19:50:52 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Roaming\ICQ\Application.mdb failed, 00000005.
Error - 13.10.2009 18:49:59 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Local\Adobe\Updater6\Install\reader9rdr-de_DE\AdbeRdr920_de_DE.msi
failed, 00000005.
Error - 22.10.2009 13:12:34 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Public\Documents\buffed\Configs\Config.db failed, 00000005.
Error - 22.10.2009 13:12:36 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\maik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
failed, 00000005.
Error - 22.10.2009 14:31:17 | Computer Name = maik-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Public\Documents\buffed\Configs\Config.db failed, 00000005.
[ Application Events ]
Error - 20.10.2009 16:27:49 | Computer Name = maik-PC | Source = Application Hang | ID = 1002
Description = Programm undelete_plus.exe, Version 3.0.0.602 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: e04 Anfangszeit: 01ca51c394c000fe Zeitpunkt
der Beendigung: 15
Error - 20.10.2009 18:09:09 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.10.2009 16:45:55 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.10.2009 17:04:15 | Computer Name = maik-PC | Source = VSS | ID = 8194
Description =
Error - 22.10.2009 07:27:21 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.10.2009 07:31:09 | Computer Name = maik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung escal.exe, Version 0.0.0.0, Zeitstempel 0x4ad232d5,
fehlerhaftes Modul escal.exe, Version 0.0.0.0, Zeitstempel 0x4ad232d5, Ausnahmecode
0xc0000005, Fehleroffset 0x000010cc, Prozess-ID 0xdec, Anwendungsstartzeit 01ca530b26be6b0e.
Error - 22.10.2009 07:31:15 | Computer Name = maik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung h2635s.exe, Version 0.0.0.0, Zeitstempel 0x724d3eef,
fehlerhaftes Modul h2635s.exe, Version 0.0.0.0, Zeitstempel 0x724d3eef, Ausnahmecode
0xc0000005, Fehleroffset 0x0000828d, Prozess-ID 0x9cc, Anwendungsstartzeit 01ca530b2a512ebe.
Error - 22.10.2009 07:41:56 | Computer Name = maik-PC | Source = VSS | ID = 8194
Description =
Error - 22.10.2009 13:15:22 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.10.2009 09:57:43 | Computer Name = maik-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 30.04.2009 02:57:26 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
Error - 30.04.2009 09:04:23 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
Error - 30.04.2009 09:31:40 | Computer Name = maik-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -85400 Sekunden
geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal -54000
Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123)
funktionsfähig ist.
Error - 01.05.2009 09:16:07 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
Error - 03.05.2009 03:35:43 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
Error - 04.05.2009 03:55:51 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
Error - 05.05.2009 04:28:19 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
Error - 05.05.2009 05:19:03 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
Error - 05.05.2009 06:20:18 | Computer Name = maik-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 05.05.2009 06:21:25 | Computer Name = maik-PC | Source = HTTP | ID = 15016
Description =
[ TuneUp Events ]
Error - 22.10.2009 10:22:58 | Computer Name = maik-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 16:22:58', '\device\harddiskvolume1\malwarebytes'
anti-malware\mbam.exe','4672',0)
Error - 22.10.2009 10:23:33 | Computer Name = maik-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 16:23:33', '\device\harddiskvolume1\malwarebytes'
anti-malware\mbam.exe','4484',0)
Error - 22.10.2009 10:23:48 | Computer Name = maik-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-22 16:23:48', '\device\harddiskvolume1\malwarebytes'
anti-malware\mbam.exe','5084',0)
< End of report >
|
|
23.10.2009, 16:52
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Defender meldet Win32/Renos.JS Hast Du noch das Logfile von MalwareBytes? Wenn ja bitte posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.10.2009, 10:40
| #6 |
| | Windows Defender meldet Win32/Renos.JS Müsste ja das im MWB ordner sein: Malwarebytes' Anti-Malware 1.41 Datenbank Version: 3011 Windows 6.0.6001 Service Pack 1 22.10.2009 19:10:11 mbam-log-2009-10-22 (19-09-58).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 513439 Laufzeit: 1 hour(s), 2 minute(s), 19 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 8 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: D:\Aufnahmeprogramme\Samplitude_V8_professional\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken. C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> No action taken. C:\Windows\msa.exe (Trojan.Agent) -> No action taken. C:\Windows\msb.exe (Trojan.Agent) -> No action taken. C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken. C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken. C:\Users\maik\AppData\Local\Temp\b.exe (Trojan.Downloader) -> No action taken. C:\Users\maik\AppData\Local\Temp\msxml71.dll (Trojan.FakeAlert) -> No action taken. |
|
| Themen zu Windows Defender meldet Win32/Renos.JS |
| 64bit, ausführen, avast, datei, defender, download, downloader, erhalte, gestern, gäste, gästen, heute, loader, melde, meldet, meldung, scanen, schütze, software, system, trojaner, trojaner downloader, ungebetene, vista, vista 64bit, win32/renos.js, windows |
Linear-Darstellung
