FIREFOX and IE8 crash or Vista shuts down. (JAVA/Agent.M.1?)

#3

Hello again. Here are the logs.

__________________
Greetings!!

OTL Logfile:
Code:
OTL logfile created on: 05.09.2010 14:18:54 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\flynico\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.05 Gb Total Space | 13.22 Gb Free Space | 19.15% Space Free | Partition Type: NTFS
Drive D: | 70.00 Gb Total Space | 45.34 Gb Free Space | 64.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLYNICO-PC
Current User Name: flynico
Logged in as Administrator.

Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\flynico\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE (Deutsche Telekom AG) PRC - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\PROGRAM FILES\T-ONLINE\T-ONLINE_SOFTWARE_6\EMAIL\MAIL.EXE (Deutsche Telekom AG, www.t-online.de) PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\lxdacoms.exe ( ) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\flynico\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( ) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - 
(NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) 
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) 
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (MTOnlPktAlyX) -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.02 16:23:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.02 16:23:46 | 000,000,000 | ---D | M] [2009.03.07 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\flynico\AppData\Roaming\mozilla\Extensions [2010.09.01 19:23:29 | 000,000,000 | ---D | M] -- 
C:\Users\flynico\AppData\Roaming\mozilla\Firefox\Profiles\zkwfkcxq.default\extensions [2009.07.01 13:44:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\flynico\AppData\Roaming\mozilla\Firefox\Profiles\zkwfkcxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.09.08 18:32:30 | 000,000,950 | ---- | M] () -- C:\Users\flynico\AppData\Roaming\Mozilla\FireFox\Profiles\zkwfkcxq.default\searchplugins\icqplugin.xml [2010.09.02 16:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.08.31 20:25:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Fladlg] C:\Users\flynico\AppData\Roaming\Adobe\Update\gethlp.exe () O4 - HKCU..\Run: [Getdo] File not found O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: airberlin.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: ilearn24.net ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: myairberlin.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: myairberlin.com ([www] https in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\flynico\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop 
BackupWallPaper: C:\Users\flynico\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{eca0174f-750a-11dd-933b-00137737cd42}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.03 14:06:46 | 000,000,000 | ---D | C] -- C:\Users\flynico\Bewerbung [2010.09.03 14:06:45 | 000,000,000 | ---D | C] -- C:\Users\flynico\Lenas Dokus [2010.09.03 11:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010.09.02 15:24:39 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.09.02 13:17:24 | 000,000,000 | -H-D | C] -- C:\Users\flynico\car [2010.09.01 15:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010.08.31 20:42:58 | 000,000,000 | ---D | C] -- C:\Users\flynico\AppData\Roaming\Malwarebytes [2010.08.31 20:42:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.31 20:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.31 20:42:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.31 20:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.31 20:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.08.31 20:24:53 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.31 20:24:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaws.exe [2010.08.31 20:24:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.31 20:24:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.31 20:18:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.08.11 19:08:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.11 19:08:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.11 19:08:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.11 19:08:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.11 19:08:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.11 19:08:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 19:08:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.11 19:08:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.11 19:08:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.11 19:08:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.11 19:08:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.11 19:08:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.11 19:08:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.11 19:08:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.11 19:08:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.11 19:08:43 | 000,081,920 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2010.08.11 19:08:38 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.11 19:08:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 19:07:51 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 19:07:50 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.07 13:25:30 | 000,000,000 | ---D | C] -- C:\Users\flynico\Desktop\schaden [2009.07.26 21:20:45 | 000,021,504 | RHS- | C] (Microsoft Corporation) -- C:\Users\flynico\AppData\Local\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1q.exe [2007.09.10 16:01:39 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll [2007.09.10 16:01:39 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll [2007.09.10 16:01:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll [2007.09.10 16:01:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll [2007.09.10 16:01:37 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll [2007.09.10 16:01:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll [2007.09.10 16:01:37 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll [2007.09.10 16:01:37 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll [2007.09.10 16:01:36 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll [2007.09.10 16:01:35 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll [2007.09.10 16:01:34 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll [2007.09.10 16:01:34 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll [2006.11.25 00:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.25 00:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll ========== Files - Modified Within 30 Days ========== [2010.09.05 14:20:07 | 
000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EAC33792-E742-4586-AA1E-7C6F17AA71B4}.job [2010.09.05 14:19:40 | 003,145,728 | -HS- | M] () -- C:\Users\flynico\NTUSER.DAT [2010.09.05 14:09:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.05 14:09:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.05 14:09:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.05 14:09:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.04 10:30:41 | 000,524,288 | -HS- | M] () -- C:\Users\flynico\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.04 10:30:41 | 000,065,536 | -HS- | M] () -- C:\Users\flynico\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.04 10:30:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.04 10:30:16 | 001,640,177 | -H-- | M] () -- C:\Users\flynico\AppData\Local\IconCache.db [2010.09.03 11:21:37 | 000,001,874 | ---- | M] () -- C:\Users\flynico\Desktop\HijackThis.lnk [2010.09.02 16:23:47 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.09.01 22:24:52 | 000,234,279 | ---- | M] () -- C:\Users\flynico\P1020029.JPG [2010.09.01 19:26:45 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.09.01 11:31:36 | 001,593,226 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.01 11:31:36 | 000,685,418 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.01 11:31:36 | 000,642,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.01 11:31:36 | 000,150,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.01 11:31:36 | 000,122,462 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.31 20:42:45 | 000,000,818 | ---- | M] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.31 15:05:56 | 000,000,209 | ---- | M] () -- C:\Windows\LEXSTAT.INI [2010.08.31 11:13:31 | 000,008,878 | ---- | M] () -- C:\Users\flynico\Desktop\strom.odt [2010.08.25 19:50:31 | 000,192,144 | ---- | M] () -- C:\Users\flynico\Desktop\PLAN SEP 10.htm [2010.08.13 16:14:51 | 122,030,781 | ---- | M] () -- C:\Users\flynico\Documents\Standard_20100813_161405.zip [2010.08.11 21:41:08 | 000,376,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010.09.03 11:21:37 | 000,001,874 | ---- | C] () -- C:\Users\flynico\Desktop\HijackThis.lnk [2010.09.02 16:23:47 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.09.02 15:46:00 | 000,000,100 | ---- | C] () -- C:\Users\flynico\sxt.txt [2010.08.31 20:42:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.31 16:20:24 | 000,000,166 | ---- | C] () -- C:\Users\flynico\url.txt [2010.08.31 10:57:02 | 000,008,878 | ---- | C] () -- C:\Users\flynico\Desktop\strom.odt [2010.08.25 19:53:58 | 000,192,144 | ---- | C] () -- C:\Users\flynico\Desktop\PLAN SEP 10.htm [2010.08.23 10:50:45 | 000,000,209 | ---- | C] () -- C:\Users\flynico\ryder.txt [2010.08.13 16:14:23 | 122,030,781 | ---- | C] () -- C:\Users\flynico\Documents\Standard_20100813_161405.zip [2010.08.07 13:25:41 | 002,070,118 | ---- | C] () -- C:\Users\flynico\P1020658.JPG [2010.08.07 13:25:37 | 003,120,631 | ---- | C] () -- C:\Users\flynico\P1020657.JPG [2010.06.13 18:32:02 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys [2010.06.13 18:32:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys [2010.05.17 23:30:03 | 000,000,016 | ---- | C] () -- C:\Users\flynico\AppData\Roaming\qvjsge.dat [2009.12.04 22:42:04 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.08.19 11:02:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll 
[2009.06.18 23:15:00 | 000,000,016 | ---- | C] () -- C:\Windows\System32\swsystem.dll [2009.06.15 01:28:47 | 000,000,054 | ---- | C] () -- C:\Windows\wininit.ini [2009.06.14 22:28:58 | 000,000,018 | ---- | C] () -- C:\Windows\gfact.ini [2008.11.30 15:45:01 | 000,006,601 | ---- | C] () -- C:\Users\flynico\AppData\Roaming\mdbu.bin [2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.04.11 18:07:09 | 000,001,353 | ---- | C] () -- C:\Windows\vwcmim.ini [2008.04.11 18:07:09 | 000,000,107 | ---- | C] () -- C:\Windows\odbcisam.ini [2008.03.06 20:04:49 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.01.12 14:46:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007.09.10 16:01:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll [2007.09.10 16:01:38 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll [2007.09.10 15:25:03 | 000,000,209 | ---- | C] () -- C:\Windows\LEXSTAT.INI [2007.06.17 17:10:59 | 000,121,344 | ---- | C] () -- C:\Users\flynico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.16 22:18:35 | 000,000,095 | ---- | C] () -- C:\Users\flynico\AppData\Local\fusioncache.dat [2007.06.16 16:12:19 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.02.28 20:27:59 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2007.02.28 20:27:59 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2007.02.28 19:39:32 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.02.28 19:39:25 | 001,060,424 | ---- | C] () -- 
C:\Windows\System32\WdfCoInstaller01000.dll [2007.02.16 02:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2007.01.22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll [2006.11.30 03:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.21 23:43:46 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.09 20:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2006.03.27 11:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll [2001.11.14 22:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1997.06.13 00:00:00 | 001,690,896 | ---- | C] () -- C:\Windows\System32\MSO97V.DLL [1997.06.13 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL [1997.06.13 00:00:00 | 000,016,384 | ---- | C] () -- C:\Windows\System32\MSORFS.DLL [1997.06.13 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CF5C4195 < End of report > ----------------------------------------------------- ------------------------------------------------------OTL Logfile: Code:
OTL Extras logfile created on: 05.09.2010 14:18:54 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\flynico\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.05 Gb Total Space | 13.22 Gb Free Space | 19.15% Space Free | Partition Type: NTFS
Drive D: | 70.00 Gb Total Space | 45.34 Gb Free Space | 64.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLYNICO-PC
Current User Name: flynico
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A893703-FFCB-49F7-A220-66830C11A03A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B0617C3-18C6-46DC-A68A-46E636ACAA5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{475AAC5C-B0FB-4AE7-A80C-F6203CC00EB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{52C30213-FAF9-4437-86F8-4BBD8E468F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54B814B2-C083-497C-BF6A-8D46ADDE545C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6928C807-A8EF-4D82-AC84-2C2D8C116AF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{7410A872-7B64-4AA1-85DD-43EB12825AC6}" = rport=139 | protocol=6 | dir=out | app=system |
"{77427A9D-75D5-4F52-9915-0F34512C3D80}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{778CB21C-2CAB-4CE0-BACF-25607DB49A71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A65E333-160E-40A8-A172-E672002ACEF3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{84C413BA-566B-4035-8D37-B5C4B3DFCB26}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A3E4F5C-D2B6-40A1-A7FA-BB27A08FF13D}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EE6D524-35AC-4445-871D-DF2C7D8189F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{AFD5437D-82CE-47DE-B881-92782D8E3A7E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C43D5E61-89CD-462B-8F1F-D2B6A13059DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C96C0C41-593A-494C-9A46-3483576C2883}" = lport=139 | protocol=6 | dir=in | app=system |
"{D199789D-D6D5-4C8A-B45F-7D068035B749}" = lport=445 | protocol=6 | dir=in | app=system |
"{DE503D09-C48A-4C0F-9879-A9EBAD99503D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FBD22A9E-62F8-47F9-8368-8E8D19F42919}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038ED2E2-D5E0-4D1C-9803-A69FFE926F7A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"{197D8A8F-4FAC-4EDA-9654-5EA5F32C02D0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"{39AEE491-3EF3-491F-B005-A24FF5E23A7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3CDBE5BD-48A1-4078-8956-6413DB043C76}" = protocol=6 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{3E95DC6D-DFDD-4BA6-8443-B4BDB3DD277D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4348B537-D044-4568-99FE-089BF1480CB2}" = protocol=17 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{5848B9E5-95B5-4C54-833F-24E7DDDEBC4F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F5C984B-F4F7-41BB-B1D9-E9F3F91B2B7A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{633FA3FF-ADF7-4D5D-A657-48C80A7F8D46}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC70E631-1BE3-440E-9949-318BAD58D8EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F06D8096-643C-4376-B0C7-2113FC31BAFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{53691D3C-3D68-44E1-83EA-3710E0D79E2F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{775374F4-24CE-43C1-9709-C6C244473BFB}D:\links\linksmmiii.exe" = protocol=6 | dir=in | app=d:\links\linksmmiii.exe |
"TCP Query User{92707FE6-70F4-4929-AE85-F782E7C324F4}D:\tower\tower.exe" = protocol=6 | dir=in | app=d:\tower\tower.exe |
"TCP Query User{9EDCB4B9-441C-48BF-BBBD-E047595FBDB7}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{A79DA836-6EFA-41E7-BBF0-DFC22D8F7FFC}C:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe |
"TCP Query User{B575E1E5-AB89-4FB3-96CE-FC97FFE236E8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B9BF8950-3E69-4A21-A255-30E869BC144D}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |
"TCP Query User{BB57865E-CC8C-40AA-9976-53553E476213}C:\program files\topilotsfq\topilotsfq.exe" = protocol=6 | dir=in | app=c:\program files\topilotsfq\topilotsfq.exe |
"TCP Query User{BEED5826-9B18-413E-8996-BFF4243F9482}C:\users\flynico\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\flynico\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{C676536E-C83D-44B0-9416-300FB68D9957}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{E6768AE5-0226-448F-A73B-AF44743C7C69}C:\users\flynico\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\flynico\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{07204B31-6126-4E13-8D19-1865723438CE}C:\program files\topilotsfq\topilotsfq.exe" = protocol=17 | dir=in | app=c:\program files\topilotsfq\topilotsfq.exe |
"UDP Query User{0C22D0D8-0ACA-4E5D-9433-7EF3B32622A5}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{1F8BE4FF-E7D8-4B53-84F5-17B5A049E90A}D:\tower\tower.exe" = protocol=17 | dir=in | app=d:\tower\tower.exe |
"UDP Query User{21C8D739-DF39-499C-876E-3A6E84F68AAC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5B20E064-D030-4400-8A33-A1D85EA86EB6}C:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe |
"UDP Query User{730038B5-6C59-4605-B703-A802CA5903A0}D:\links\linksmmiii.exe" = protocol=17 | dir=in | app=d:\links\linksmmiii.exe |
"UDP Query User{764683A5-8671-4E3C-9507-44D461819BCB}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |
"UDP Query User{7B964179-E44B-4DC2-8B7A-09A042B73944}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7BEB8077-B7ED-4DF6-A73C-7E0920ADB82A}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{9DCB9D78-4EDA-4EB0-A3BE-78FD5AE566E6}C:\users\flynico\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\flynico\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{C243489D-9015-48FC-8EAA-55EFDABF8AE7}C:\users\flynico\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\flynico\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0212BFBB-50BA-C4FA-D700-DFBB40A9F1AF}" = Catalyst Control Center Localization Arabic
"{0219FD21-8B2E-240B-3D35-997EE0E3F81B}" = Catalyst Control Center Localization Arabic
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047ACAF8-7642-4940-8EC6-4694E0E60B40}" = CCC Help French
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{06F42C96-A96C-F579-B0FA-F44BBA118C51}" = ccc-core-static
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0BB96994-EA3F-D659-6A3B-D2D73FEBD8E4}" = ccc-utility
"{0C1D06CD-D5D1-A718-5C8F-27D089C5C39C}" = Catalyst Control Center Localization Finnish
"{0DF36AB1-1B4C-CAEC-A23E-EFA25738B60A}" = CCC Help Greek
"{110D7DC8-9237-47D3-AB39-50651A10304C}" = SamsungScreensaver
"{12080F61-1225-BCDE-EFE2-3452E826D9AD}" = Catalyst Control Center Graphics Light
"{143539DF-6F6E-9E25-3EDF-0906C7F533B7}" = CCC Help Korean
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{148806DB-3E2E-4A2E-D7F8-223EFA43C350}" = Catalyst Control Center Graphics Full New
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20CD8D4B-74ED-BED9-805C-6F4FBE6B4F01}" = ccc-localization-da
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31ACBC65-C234-BD71-3FCE-520EC0138635}" = CCC Help Norwegian
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine
"{3AB54293-0366-7D73-D97E-3DB689A72E4A}" = CCC Help Danish
"{3DC4A72C-B683-5733-8A2C-136FBB5619D6}" = Catalyst Control Center Localization German
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{47EDD638-F882-A248-FBA5-B0CCBB9175D8}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4D6125BF-2586-9175-24FE-854DD6F6F08F}" = CCC Help Hungarian
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52FE8F38-057E-26C5-DF29-935DE6E218E0}" = Catalyst Control Center Localization Japanese
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5579A7B8-F48A-C2F5-75D0-F67CDFD68461}" = Catalyst Control Center Core Implementation
"{5A4BB8B6-8BE7-A8AF-528C-55A50DD18497}" = Catalyst Control Center Localization Arabic
"{5AA05616-21D6-63D5-CA68-73200B161599}" = CCC Help Czech
"{5E99C53A-D37E-CEA5-0398-329F15494618}" = Catalyst Control Center Graphics Full Existing
"{64536DB8-3247-4489-6BC3-BCD0DCC74810}" = Catalyst Control Center Localization Spanish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BD4EDE4-053E-FC85-AFC2-58306952BDBD}" = Catalyst Control Center Localization French
"{6F6D2DE6-44FA-EAF4-0028-7FAE37A76B4C}" = CCC Help Turkish
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{78E2F10D-4A74-A354-3D41-CF439A501AE5}" = CCC Help Italian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{8448A09D-0E2A-4EFA-6A16-AFA374AE088F}" = Catalyst Control Center Graphics Previews Vista
"{87858FF1-3D1C-301A-0C62-62F977659969}" = Catalyst Control Center Localization Italian
"{8799B11A-0E01-1729-B527-802A3513BEE7}" = CCC Help Polish
"{8A51FE4C-7DC6-8C9B-67D7-8536B7413BFE}" = Catalyst Control Center Localization Korean
"{8A92CE03-CEEB-145D-1F8D-FBC0DDE0CDEF}" = CCC Help Finnish
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED71B2B-8228-EFF8-B566-890D771A6A98}" = CCC Help Swedish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{903194A5-E1E4-E56B-8B3C-C52664CD6A65}" = CCC Help Japanese
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95CCAA64-028C-FF26-B553-3401EA3B137B}" = CCC Help Chinese Standard
"{98C0E007-7225-550C-BD4D-16A53171FA5B}" = CCC Help Chinese Traditional
"{99825ADC-3BAC-40C6-3FA1-A80496C5FE4D}" = CCC Help German
"{99FBF341-96A4-6E6B-F098-F5318F74FD8B}" = Catalyst Control Center Localization Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEE384F-4CEB-9FD4-0ECA-5A2A5FF3FC65}" = Catalyst Control Center Localization Arabic
"{A0A703E5-975D-8426-B654-A3C86EEA771F}" = Catalyst Control Center Localization Greek
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3400
"{A2E2B102-C07F-2D6A-F826-FBE911583029}" = Catalyst Control Center Localization Arabic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB8465B2-8971-83AA-72AC-08C870CAB14B}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B57D54D5-BE8F-152A-3DDA-2CCC34916ABB}" = Catalyst Control Center Localization Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C2F84222-A797-3ADB-F73F-F9FEA356365E}" = Catalyst Control Center Localization Chinese Standard
"{C5DC24CC-98D8-3714-20DE-F3154692CAC1}" = CCC Help Portuguese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D6339BC5-BD2E-580C-0A9E-EF09B768C891}" = CCC Help Thai
"{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}" = OpenOffice.org 2.3
"{DDFA8768-E4A8-4EFA-637B-DF23DC3EFD04}" = Catalyst Control Center Localization Chinese Traditional
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF1F4246-C7DF-7C15-6BBD-211E768EB715}" = Catalyst Control Center Localization Arabic
"{E481BC06-6BBB-093B-728A-C8EEB98E1E47}" = Catalyst Control Center Localization Arabic
"{E49D5F5B-7CEF-4A0D-B1A3-F1DA5B1DBC67}" = London Control
"{E5BED6AE-BEF7-8504-38DB-F881A526F5C2}" = Skins
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.9
"{EC69E8A3-A20F-E735-968A-CE6D4E1FA857}" = CCC Help Russian
"{ED8EACD0-3B35-AA21-DA10-6372AB6D19CA}" = CCC Help Dutch
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF602681-E2E7-9FFF-9752-3B0F8E7D38F1}" = Catalyst Control Center Localization Arabic
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"FLVPlayer" = FLV Player 1.3.3
"FreePDF_XP" = FreePDF XP (Remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Lexmark 640 Series" = Lexmark 640 Series
"Links 2003 (Downloadable Version)" = Links 2003 (Downloadable Version) (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROHYBRIDR" = 2007 Microsoft Office system
"PSP Video 9" = PSP Video 9 5.04
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SkyTest® Piloten Edition_is1" = SkyTest® Piloten Edition 2.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ToPilots FQ-Trainingssoftware_is1" = ToPilots FQ-Trainingssoftware 2.0
"TP-LH-FQ Software22.1" = TP-LH-FQ Software
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Power Loader" = Power Challenge Game Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.09.2010 16:44:50 | Computer Name = flynico-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 16:44:50 | Computer Name = flynico-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 16:45:54 | Computer Name = flynico-PC | Source = RasClient | ID = 20227
Description =

Error - 03.09.2010 16:47:22 | Computer Name = flynico-PC | Source = RasClient | ID = 20227
Description =

Error - 03.09.2010 16:52:58 | Computer Name = flynico-PC | Source = EventSystem | ID = 4621
Description =

Error - 04.09.2010 04:12:24 | Computer Name = flynico-PC | Source = EventSystem | ID = 4609
Description =

Error - 04.09.2010 04:17:05 | Computer Name = flynico-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 04.09.2010 04:17:05 | Computer Name = flynico-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05.09.2010 08:10:48 | Computer Name = flynico-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05.09.2010 08:10:48 | Computer Name = flynico-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 03.09.2010 09:22:23 | Computer Name = flynico-PC | Source = DCOM | ID = 10010
Description =

Error - 03.09.2010 09:28:57 | Computer Name = flynico-PC | Source = DCOM | ID = 10010
Description =

Error - 03.09.2010 16:52:57 | Computer Name = flynico-PC | Source = DCOM | ID = 10010
Description =

Error - 04.09.2010 04:12:14 | Computer Name = flynico-PC | Source = DCOM | ID = 10005
Description =

Error - 04.09.2010 04:12:20 | Computer Name = flynico-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.09.2010 04:12:20 | Computer Name = flynico-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04.09.2010 04:12:24 | Computer Name = flynico-PC | Source = DCOM | ID = 10005
Description =

Error - 04.09.2010 04:12:28 | Computer Name = flynico-PC | Source = DCOM | ID = 10005
Description =

Error - 04.09.2010 04:12:39 | Computer Name = flynico-PC | Source = DCOM | ID = 10005
Description =

Error - 04.09.2010 04:30:19 | Computer Name = flynico-PC | Source = DCOM | ID = 10010
Description =

< End of report >