Antivirus, firewall and other protection programs: To delete or not to delete, that is the question | Windows 7. All questions about using firewalls, antivirus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan or because you have caught a virus, create a topic in the cleanup forums above. |
13.05.2010, 10:14 | #1 |
| To delete or not to delete, that is the question Hello there, my Kaspersky reported a Trojan.Generic today during the installation of Google Earth, which I then immediately moved to quarantine. My question now is: should I rather leave it in quarantine or delete it via Kaspersky? Thanks & regards, Jogi |
14.05.2010, 10:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | To delete or not to delete, that is the question Hello and
__________________Can't say that offhand; please post the complete Kaspersky message or the log file.
__________________ |
14.05.2010, 19:59 | #3 |
| To delete or not to delete, that is the question I can't find a log file^^ I just copied out what was displayed there:
__________________gefunden: potentiell gefährliche Software Trojan.generic Prozess: C:\USERS\HOME\APPDATA\LOCAL\TEMP\GUM8A0A.TMP\GOOGLEUPDATE.EXE Verdächtig: potentiell gefährliche Software Trojan.generic C:\USERS\HOME\APPDATA\LOCAL\TEMP\GUM8A0A.TMP\GOOGLEUPDATE.EXE 133,0 KB 13.05.2010 10:57:46 |
14.05.2010, 20:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | To delete or not to delete, that is the question Please run a full scan with Malwarebytes and post the log. After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
15.05.2010, 07:03 | #5 |
| To delete or not to delete, that is the question What it finds here is not what Kaspersky moved to quarantine. Besides, the file named in the log (Unwise.exe - packer.morphine) has never caused any problems, even though I've had it on the computer for years. Here is the log file from Malwarebytes:
Laufzeit: 1 Stunde(n), 10 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: K:\Steinberg\VSTPlugins\Jump EQ\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
I also had the file checked again on Virustotal, just to be safe: Datei UNWISE.EXE empfangen 2010.05.15 05:48:49 (UTC) Status: Beendet Ergebnis: 4/41 (9.76%)
I will now also run the OTL scan and post it afterwards. But as I said, the file that Malwarebytes found here is actually not the file I originally created the thread for^^ What should I do with this file from the log now, while we're at it?^^ If I now click "remove selection", is the file then broken or gone, or only the trojan? Or can I ignore the finding completely? Edited by Jogi (15.05.2010 at 07:31) |
15.05.2010, 13:20 | #6 |
| To delete or not to delete, that is the question Here is the OTL file as well:
C] -- C:\Users\Home\AppData\Local\Google [2010.05.09 17:35:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenOffice.org [2010.05.09 17:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE [2010.05.09 17:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2010.05.09 17:26:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.05.09 17:26:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.05.09 17:26:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.05.06 13:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2010.05.06 12:54:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\EasyInfo [2010.05.04 15:42:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.05.01 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010.05.01 22:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010.05.01 22:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010.05.01 20:15:10 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\SecurDisc Key Data ========== Files - Modified Within 30 Days ========== [2010.05.15 13:26:37 | 940,412,988 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat [2010.05.15 13:25:04 | 003,670,016 | -HS- | M] () -- C:\Users\Home\ntuser.dat [2010.05.15 11:43:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.15 11:43:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.15 08:50:11 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.05.15 08:50:11 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.05.14 22:41:52 | 000,000,610 | ---- | M] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.14 22:35:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2010.05.14 21:55:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EA41D24E-6A00-4B7B-9D5D-2F9623E8719F}.job [2010.05.14 17:51:19 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.05.14 07:43:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.14 07:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.13 23:10:32 | 016,762,556 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx [2010.05.13 23:10:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.05.13 23:10:04 | 000,524,288 | -HS- | M] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000001.regtrans-ms [2010.05.13 23:10:04 | 000,065,536 | -HS- | M] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TM.blf [2010.05.13 23:09:57 | 005,328,572 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db [2010.05.13 07:03:50 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.05.13 07:03:50 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.05.13 07:03:50 | 000,586,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.05.13 07:03:50 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.05.13 07:03:50 | 000,100,874 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.05.11 17:51:09 | 618,237,396 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.05.09 20:55:27 | 000,107,304 | ---- | M] () -- C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.09 20:53:33 | 000,407,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.05.09 17:46:45 | 000,001,061 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Writer.lnk [2010.05.09 17:46:35 | 000,000,961 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Math.lnk 
[2010.05.09 17:46:27 | 000,001,067 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Impress.lnk [2010.05.09 17:46:14 | 000,001,023 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Draw.lnk [2010.05.09 17:46:07 | 000,001,025 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Calc.lnk [2010.05.09 17:45:53 | 000,000,987 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Base.lnk [2010.05.06 13:23:30 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.05.06 12:59:14 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk [2010.05.05 09:56:18 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2010.05.05 09:56:18 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2010.05.01 22:06:55 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk [2010.05.01 22:06:55 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Nero Online-Upgrade.lnk [2010.05.01 21:47:18 | 000,524,288 | -HS- | M] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000002.regtrans-ms [2010.05.01 21:15:15 | 000,524,288 | -HS- | M] () -- C:\Users\Home\ntuser.dat{ab5a5d1a-222e-11dd-b013-001d7dd10729}.TMContainer00000000000000000001.regtrans-ms [2010.05.01 21:15:15 | 000,065,536 | -HS- | M] () -- C:\Users\Home\ntuser.dat{ab5a5d1a-222e-11dd-b013-001d7dd10729}.TM.blf [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.16 22:26:30 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2010.04.16 22:26:30 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll ========== Files Created - No Company Name ========== [2010.05.14 22:41:52 | 000,000,610 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.11 17:51:09 | 618,237,396 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.05.09 17:46:45 | 000,001,061 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Writer.lnk [2010.05.09 17:46:35 | 000,000,961 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Math.lnk [2010.05.09 17:46:27 | 000,001,067 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Impress.lnk [2010.05.09 17:46:14 | 000,001,023 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Draw.lnk [2010.05.09 17:46:07 | 000,001,025 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Calc.lnk [2010.05.09 17:45:53 | 000,000,987 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Base.lnk [2010.05.09 17:26:52 | 000,427,554 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI6972.txt [2010.05.09 17:26:46 | 000,011,366 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI6972.txt [2010.05.06 13:23:30 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.05.06 12:59:14 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk [2010.05.01 22:06:55 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk [2010.05.01 22:06:55 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Nero Online-Upgrade.lnk [2010.05.01 21:20:10 | 000,524,288 | -HS- | C] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000002.regtrans-ms [2010.05.01 21:20:10 | 000,524,288 | -HS- | C] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000001.regtrans-ms [2010.05.01 21:20:10 | 000,065,536 | -HS- | C] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TM.blf [2010.04.16 22:26:30 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.04.16 22:26:30 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2009.08.23 08:43:50 | 
000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.07.17 08:10:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.07.17 08:09:16 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest [2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2008.05.04 20:32:33 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2008.04.07 11:50:02 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini < End of report > |
15.05.2010, 13:24 | #7 |
| To delete or not to delete, that is the question here are the OTL "Extras": Code:
OTL Extras logfile created on: 15.05.2010 13:24:30 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 30,93 Gb Free Space | 31,67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 195,31 Gb Total Space | 102,97 Gb Free Space | 52,72% Space Free | Partition Type: NTFS
Drive J: | 172,79 Gb Total Space | 109,68 Gb Free Space | 63,48% Space Free | Partition Type: NTFS
Drive K: | 232,88 Gb Total Space | 102,40 Gb Free Space | 43,97% Space Free | Partition Type: NTFS
Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = DE 56 D9 67 AA 06 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06B3588E-340F-4469-BCB3-8B93207E48F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0806C82A-D4B9-4E48-BE95-F1B0A931DF58}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{08AC1DD6-D3A7-46D3-8924-1282EFF86248}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0FF9FB8B-1C24-449F-8D65-0AD2E11B4405}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2764E27B-C759-48A7-B69D-24F16EF3EC12}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2A0C46BE-BB5B-4837-951D-7938FDA786E6}" = lport=2869 | protocol=6 | dir=in | app=system | "{407D38A5-C115-47F3-BA9B-DB781874597B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{41028A36-95B7-4F26-B7A3-447EAB820792}" = lport=445 | protocol=6 | dir=in | app=system | "{4B0C4134-2D56-44E7-990D-FA60777E6C4D}" = rport=137 | protocol=17 | dir=out | app=system | "{4E3D64B1-90F5-447A-AB6D-EA53BC580332}" = rport=10243 | protocol=6 | dir=out | app=system | "{4E61AFC1-CBEB-4B27-8A2C-736897B9C6D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4FDE4FA1-081C-4BC1-985B-A7CB9006264A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{57D18CBF-1EB0-4D09-95EB-636252759FE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88C5BA6D-7142-4743-AECF-EDE095F2EF9C}" = rport=139 | protocol=6 | dir=out | app=system | "{8C04EA1B-5A65-4AD4-94AB-2D497E5D9233}" = lport=137 | protocol=17 | dir=in | app=system | "{8F3F8DCF-C382-453A-9412-1DD6D23FCDA5}" = lport=139 | protocol=6 | dir=in | app=system | "{A48648E3-472E-4B63-8C3A-57B1C12C8FAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A4B0349F-6ED6-4C4E-BFF2-5DB68B02A0C6}" = rport=138 | protocol=17 | dir=out | app=system | "{C0F717DB-E156-45BB-B7DD-CDC633C7B231}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CAB7592D-C0D2-4E39-A1DD-278CFF3396BE}" = lport=138 | protocol=17 | dir=in | app=system | "{D55AE464-F864-41FF-ACF8-DE0E49DD3966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D8CFD0E7-261B-4DA7-BD0C-07812C6C86DC}" = lport=10243 | protocol=6 | dir=in | app=system | "{E8D2D3D0-B633-472A-94F6-180A7B44CF4E}" = rport=445 | protocol=6 | dir=out | app=system | "{EABAACF3-2FAE-4E0A-8E8F-1781918C6CFE}" = lport=2869 | protocol=6 | dir=in | app=system | "{EBAB2FE5-B333-4DDE-BF7A-D006AF2CC7F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EFF4979E-D937-48F7-A378-CF0B401AE211}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F040700D-644E-49DC-8CA9-E822DE0BB8FF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F217562C-9E32-40BD-A8E6-3578714963DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FC937D6E-C481-4E7B-B79E-566C21C78788}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FDB10B9C-D9A6-4CAF-A877-EC4DC9ED04C0}" = rport=3702 | protocol=17 | dir=out | 
svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07EF869A-8AB4-4F6E-92AF-7014BC4A437E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0AA363D0-1814-4ABC-A30A-87567C629A7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{0B001C89-DA3E-4200-8879-0993D70ED1EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0B707E09-511F-4A1E-BDE0-48F9612A7920}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0DD2FC91-FAA9-488D-966D-9C40BCE5ED2B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0E43DDC5-EAC3-41CA-BAA7-094CA1303E6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{15353E6A-3FCC-4BC6-B4F5-2EB542CE7AFF}" = protocol=17 | dir=in | app=i:\games\avatar\bin\avatardemo.exe | "{1BCDD61D-CA58-4BBE-9364-148612BA4D8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1BEE8337-E7E8-4A1E-8281-B10C0770A7D1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{1E1DD505-D716-4EF6-8A98-C23CD153C313}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1F55FF6D-2F57-4423-8FD1-1CAEF5C35E15}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2C34A0EF-52CB-4227-B66B-5B7A0ADE513E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{31BC78D1-67AD-4051-9723-D4B15EFC20DF}" = protocol=6 | dir=in | app=i:\programme\ventrilo\ventrilo.exe | "{3213C264-9A47-4D86-AA24-51EC8DF83D80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{339B8A8A-93CB-4064-AAFC-74916364D7ED}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{35C853B8-471A-4B09-9F7B-BF2BBEB659A3}" = protocol=17 | dir=in | app=i:\programme\ventrilo\ventrilo.exe | "{36387850-2850-4680-BD2D-55DB1BD43230}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{3ECFC352-0D52-4416-8B08-2A5D03A8D1FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{431AEE70-52F3-48BA-BFD9-8D2AEF74C3D7}" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\igdctrl.exe | "{435BE2A1-9ACA-4EF0-BBC2-F6DBB35A2CB9}" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\webwaigd.exe | "{4884E15D-4D72-434A-AEDD-351AA2074009}" = protocol=6 | dir=in | app=i:\games\battlefield 2\bf2.exe | "{4A749EC9-FD97-4CA2-A448-109C5FB3D7A5}" = protocol=17 | dir=in | app=i:\games\battlefield 2\bf2.exe | "{57B590E7-C71A-4D08-B0F6-C40134EDD66A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A75033E-D029-426E-84F3-E0966D6F6BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5E6B104A-E539-4A01-8B5F-08525BC45BC9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6B51ECA9-A9AB-4D7C-8E08-0CC20DDD7813}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{6DF6715B-C7EF-4665-A501-0CD21556A263}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{7277B165-8C89-46D1-BDAC-FA398B412B4D}" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\igdctrl.exe | "{73449233-0018-428D-9CE2-CDC9734672F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{745E4314-1A88-4289-83E6-F1AC2FCE03B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{76A188FC-B9C5-4A3D-943C-DA654D14F018}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{823E3077-7DD0-48FF-B0EB-DC9483CE2920}" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\webwaigd.exe | "{85A4DBB7-17E6-4BB9-AF8B-9D24208E6F1B}" = protocol=17 
| dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8CA7A660-CDBE-4F3B-8AF2-6DE6B18DD507}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8E09D3F9-85CD-4764-A976-3D4C86C12574}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8E8B3FF3-F9B6-4AB8-B56E-332C96458B7D}" = protocol=6 | dir=out | app=system | "{90924F87-7944-4BF5-ACDE-45F1A7A56DFF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{90FDBDDF-44F6-438A-A399-13F5ED4C4297}" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\fboxupd.exe | "{94B3CD01-7C86-4F32-AEC5-8A27C8988BA3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{98977B07-B596-407F-8B17-6DD4D88231D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{99A84687-09F2-4D37-8AE2-A2A2C2C49F6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A196B9F8-76A9-4E18-A4FD-A7DBA21AAB18}" = protocol=6 | dir=in | app=i:\games\avatar\bin\avatardemo.exe | "{A2926A33-E0EE-40AA-9F23-0C58AD4FDF07}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A427D5F8-F0A9-44A4-B8B7-CCFE0A57D091}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A4F8D2ED-EDDF-46FA-B150-A7E30A64CA48}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A8D8F84A-F2ED-4E43-8531-1123B8F979F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B15FEA30-E3CA-4FC2-9CAB-86E023FC75CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C8C60CA4-3B74-4BB3-9603-9DBAD245930F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C9AAFC9F-6385-4C8B-8959-8EF1C4264CC4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{CDF60AE2-5277-4372-A858-BF5D7CA1F1F2}" = protocol=17 | dir=in | 
16.05.2010, 18:34 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | To delete or not to delete, that is the question Please post the complete Malwarebytes log file; the header section of the log is missing.
__________________ Please always post log files in CODE tags |
16.05.2010, 18:51 | #9 |
| To delete or not to delete, that is the question This was all that was above it, nothing more: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4102 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 15.05.2010 07:53:07 mbam-log-2010-05-15 (07-53-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|J:\|K:\|) Durchsuchte Objekte: 343930 |
17.05.2010, 10:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | To delete or not to delete, that is the question The logs are all unremarkable - I think Kaspersky allowed itself a false alarm on Google here.
__________________ Please always post log files in CODE tags |