Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: suchmaschinen virus?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.11.2010, 00:40   #1
nivram
 
suchmaschinen virus? - Standard

suchmaschinen virus?



kann seit ca 1 Woche nicht mehr in google und auch yahoo vernünftig suchen
wen ich nach etwas suche und auf den link drücken seht in der adresszeile die angebende seite die ich auch gesucht habe nach einer Sekunde kommt dann eine andere seite z.B.
h**p://208.94.233.34
h**p://www1.smart-drivekeeper.com
h**p://wwwcatholicsaints.com/
h**p://find-here.net/
als die nix mit meiner suche zu tun hat
auf web.de und Lycos funktioniert die suche aber.

manchmal kommt auch eine Fehler Meldung von Adobe "Es ist ein Problem mit Adobe Acrobat/Reader aufgetreten. Beenden Sie Adobe Acrobat/Reader und versuchen Sie es erneut"
weis nicht ob das damit auch was zu tun hat
hier mal HijackThis Auswertung


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:24:40, on 21.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Progs\virtualCloneDriver\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\Progs\torrent\uTorrent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\Internet\INETPR~1\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10g_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Users\Marvin\Documents\konni\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Progs\Adobe CS 5 Master\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Adobe Reader - {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} - C:\Users\Marvin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Progs\Adobe CS 5 Master\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TQ566808] "E:\Setup.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Progs\virtualCloneDriver\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Internet\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "D:\Progs\torrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Progs\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "D:\Progs\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "D:\Internet\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [{7D1BC36A-8A77-52B0-93D2-837B92459014}] C:\Users\Marvin\AppData\Roaming\Dufu\nyuc.exe
O4 - Startup: AdbUpd.lnk = Marvin\AppData\Roaming\Adobe\AdobeUpdate.exe
O4 - User Startup: winhelp.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Internet\InetProgramme\\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Internet\InetProgramme\\ICQ6.5\ICQ.exe
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - hxxp://128.97.43.214/activex/decoder/mpeg4_dec.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - hxxp://129.57.20.46:1497/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9dba87f9f5960) (gupdate1c9dba87f9f5960) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Internet\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Progs\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9997 bytes

Alt 21.11.2010, 11:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
suchmaschinen virus? - Standard

suchmaschinen virus?



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 21.11.2010, 15:10   #3
nivram
 
suchmaschinen virus? - Standard

suchmaschinen virus?



hier schonmal der OTL scan
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 21.11.2010 14:59:34 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Marvin\Documents\konni
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,01 Gb Total Space | 10,14 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
Drive D: | 205,08 Gb Total Space | 33,07 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive E: | 2,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARVIN-NB | User Name: Marvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Progs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Progs\Adobe CS 5 Master\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Progs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0270C624-2586-484F-A445-07452FE60E9B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{03A8D4A4-3727-4602-8D3E-7C7E30A9FB6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08AA836F-E71A-43CC-8DF5-0B7DCEBF94C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{19EF81C4-2915-44A7-921F-335C596AE7C3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1F45751D-E7D2-4576-9A54-DA3CF6D55E61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2A7848F5-603A-427D-AD3B-C5CC393E3EE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D2AED91-E87D-4FC3-80D3-666A36F2BEF2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2D65D2FA-37DF-4898-BCB4-4BF463A27BFE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{317B38FF-D3A4-4B6F-BF40-2D0E21ACBF86}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3B8A4F87-1E40-4369-AF51-DFC63C40BFBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{481D5258-FF49-48E5-89E8-20ADA2953FD0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{523CB7C6-067F-42F3-9A18-EE7121E6F159}" = lport=445 | protocol=6 | dir=in | app=system | 
"{57DDD056-F615-44D4-A7A4-F88E474C00D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5DBB523E-4BE4-41AF-A938-4B7A27F7ECBA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6D728D35-7476-47DA-B5F0-A2AE967ED5E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8239AA72-16FB-41D6-9325-B62D67F392FE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8A2B14F8-EDAC-4920-8FAF-4D7FBE25E806}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C5E3AC8-8038-4016-94FE-65CFF7B4FBEB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8DBE744C-BD27-4534-BDA0-948C19753969}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8DCB8974-CE98-4ED1-8DDB-32EFD3158027}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8E07F1A5-CE15-43AA-8A00-041F612DC369}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9C7EBCE6-65DB-4E4B-A840-F2B99899CA6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AAF2439E-7499-4B4C-A902-8D4BE150F80C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B2DE247F-9D30-4C4D-9211-ADA2944A8E45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5EB085B-DA65-490B-AFF9-9B30345A7A8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C6AF776C-3E0B-43BA-8333-DE80F6E884D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D4725856-AA66-412F-8944-E8AC7472F4E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4AEF445-6BCD-43D4-BA91-9F5EE8668D49}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E8A118AD-2988-4283-BA0D-50034CF698B3}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0315B9A1-D1FD-4519-A375-07C4D9644E53}" = protocol=17 | dir=in | app=d:\spiele\wolfenstein\mp\wolf2mp.exe | 
"{03CC20B8-3DEC-4BF4-BB01-E9604C4383BF}" = protocol=17 | dir=in | app=d:\spiele\burnout paradies\burnoutparadise.exe | 
"{04C0BE7C-B99B-4205-992B-34C2597629B2}" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | 
"{055D5FE7-5C68-4971-93EF-6C7B4F924F5E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{0867116F-4C6C-490A-89B4-9C2E0BA426AE}" = protocol=6 | dir=in | app=d:\progs\torrent\utorrent.exe | 
"{0ED3224E-7F89-4A85-9BBB-471F0B0DEA1D}" = protocol=17 | dir=in | app=d:\spiele\gta4\rockstar games social club\rgsclauncher.exe | 
"{0FD488E4-A580-487F-9185-7361FC2932C1}" = protocol=6 | dir=in | app=d:\spiele\anno1404\anno4.exe | 
"{1088F314-08E4-40A1-A28D-B61F0B0861DE}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{10C40553-B1BD-4A7B-BD6C-808FF2A41C4E}" = protocol=6 | dir=in | app=d:\spiele\wolfenstein\mp\wolf2mplite.exe | 
"{150F7241-0F4A-4D14-84BB-7C820A8BB1E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{15C9D5B2-35C8-4AB1-BA21-CFA5711FE506}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17FE7874-7951-4FBE-A628-E15A2E565726}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B69EDE9-E1EB-45BB-A945-ECD127BD82A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{224CA762-D72A-4333-802E-E5BEC295E28F}" = protocol=6 | dir=in | app=d:\spiele\bionic\bionic commando\support\cap1-0101.exe | 
"{2E3FB477-29A6-473A-873E-86D12D578F24}" = protocol=17 | dir=in | app=d:\spiele\gta4\grand theft auto iv\launchgtaiv.exe | 
"{2FB57DEA-BAAD-479E-B49B-D62EFA199C6F}" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{30A77B67-71E2-4258-B86D-56BE0A664CEF}" = protocol=6 | dir=in | app=d:\spiele\fear\fearxp2.exe | 
"{31740870-8E2E-4FED-83F1-86E8EEF10005}" = protocol=17 | dir=in | app=d:\spiele\bionic\bionic commando\support\cap1-0101.exe | 
"{3A4E05AC-6F49-4BBA-81A2-226A13B2DB1B}" = protocol=6 | dir=in | app=d:\spiele\moh\airborne\unrealengine3\binaries\moha.exe | 
"{3DFF0D7A-D71B-44E2-AF60-61F2DC72C9AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46D5E2FF-5573-4F80-AF4D-BCBD7AD9FE92}" = protocol=6 | dir=in | app=d:\spiele\gta4\grand theft auto iv\launchgtaiv.exe | 
"{47964B51-7245-481F-826E-3487A50134E7}" = protocol=17 | dir=in | app=d:\spiele\burnout paradies\burnoutconfigtool.exe | 
"{47B3DAF8-F8E2-4BF0-BD92-24EF4F204C3D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4A40DF77-B26C-47F3-A22F-553DAE1D0D4E}" = protocol=6 | dir=in | app=d:\internet\steam\steam.exe | 
"{4AE662E0-4A86-4761-9DF5-DFFB9C013947}" = protocol=17 | dir=in | app=d:\spiele\anno1404\anno4.exe | 
"{4C8BDD8B-4191-428E-9A55-A76B89EBA08F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{4DFDF970-567C-4349-AE29-251A62552558}" = protocol=58 | dir=in | app=system | 
"{4EEF2951-6CD4-4FED-8D48-C32518912A0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4FC26A36-20E1-4F19-9E4E-07CC45AFC89C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5095BF6A-BA01-40FA-AD70-1A91FFA0CCFA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{536A3FD0-D170-4926-A759-34A1C986714E}" = protocol=6 | dir=in | app=d:\spiele\bionic\bionic commando\bionic_commando.exe | 
"{55AC08FA-0C28-4F51-9E88-A86AD9A118C2}" = protocol=6 | dir=in | app=d:\spiele\burnout paradies\burnoutconfigtool.exe | 
"{590F3124-E237-4903-837B-89AEEDCF540D}" = protocol=6 | dir=out | app=system | 
"{5A20723C-CAAF-48A0-921D-32E2775EFC47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C4295EC-C198-4339-AB81-BCD895933690}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{670B90DF-C380-4B83-BC80-EAC862799B19}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6EFDF20C-3265-4E0F-9FB6-CA0E6BBD6B12}" = protocol=17 | dir=in | app=d:\spiele\wolfenstein\mp\wolf2mplite.exe | 
"{75F1A430-A409-476F-A6BE-3E0CDE630ADF}" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{7BC959C6-58EC-47CB-B910-AD7AA2605A8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C865898-8A39-40A6-8A7A-28C2A44B0E37}" = protocol=6 | dir=in | app=d:\spiele\burnout paradies\burnoutparadise.exe | 
"{7F81314F-C920-47E9-99B1-E3EAEE4071D8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{867D113D-CA37-4641-B8DD-36645129583E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{86E5C93C-663A-420F-9C6F-EBC313D236BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8CAA82E6-F4EE-4B47-AE39-18499737E1BA}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{8E18CD0C-66AF-4E0E-8113-B3200140D0D5}" = protocol=17 | dir=in | app=d:\spiele\moh\airborne\unrealengine3\binaries\moha.exe | 
"{8F74C674-09EE-41A1-A83E-E81FF8B0B82B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{9483FDB7-46FE-445F-A155-1D441E995C3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{951EE976-6AD4-416D-9D97-77881BCD6540}" = protocol=17 | dir=in | app=d:\spiele\burnout paradies\burnoutlauncher.exe | 
"{95BF74CC-6A41-41A7-B95A-8862A416C492}" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | 
"{9AEB1A81-118C-45F7-822D-93918014A8A0}" = protocol=17 | dir=in | app=d:\spiele\bionic\bionic commando\bionic_commando.exe | 
"{9B265532-A06F-4E21-936B-6DA1EACF7D26}" = protocol=17 | dir=in | app=d:\internet\steam\steam.exe | 
"{A1C2CDC2-316B-4020-9B8C-041A796CB5BB}" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{A43994A0-E307-4637-B298-88F59C77A9F5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A4C1E710-76FA-45BF-94E9-4A49D58FF1BF}" = protocol=17 | dir=in | app=d:\spiele\fear\fearxp2.exe | 
"{A64E191D-4270-43CF-956F-04F49FFCE1D4}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{A96636E3-BA5E-42EC-9AED-3608ABAD2D21}" = protocol=17 | dir=in | app=d:\progs\torrent\utorrent.exe | 
"{B183274E-46F7-44B0-836B-A68D3A24AF04}" = protocol=6 | dir=in | app=d:\spiele\burnout paradies\burnoutlauncher.exe | 
"{BD2C76A1-B31A-4BCB-81E9-6D9B7259707F}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{C3E011E1-D7FC-40FD-B556-65918E045E47}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{CC0BF139-A8CD-4253-8C80-4E1539D2C08B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D02F346B-A339-4894-AB38-15859796E0DD}" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{DE394C01-2703-4D3A-B28D-7518DC37E9FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E21F9D57-F5F0-4065-9CDA-E93A937AB205}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{EC4982CC-51F9-478B-9A8F-A16A92E4C002}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{EE4EBB11-D2FB-4817-93A6-74DB6C6FFCDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2D16576-4AB6-47AF-82D3-3DA3AD9E048D}" = protocol=6 | dir=in | app=d:\spiele\gta4\rockstar games social club\rgsclauncher.exe | 
"{FEF022A0-52BD-4BCA-B619-5530E051C491}" = protocol=6 | dir=in | app=d:\spiele\wolfenstein\mp\wolf2mp.exe | 
"TCP Query User{086EB55B-8DBE-4240-9490-C83982B26498}D:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=d:\spiele\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{0B418ED6-A1E6-4044-BC6F-51E53489423A}D:\internet\inetprogramme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\internet\inetprogramme\icq6.5\icq.exe | 
"TCP Query User{19DEAF8D-EE25-45E3-AE5B-0508B316D419}D:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=d:\spiele\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{1D1D7E14-119A-4F6A-B963-E8FED5EF4A02}D:\spiele\setup\counter-strike 1.6\hltv.exe" = protocol=6 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hltv.exe | 
"TCP Query User{22C5B432-EF51-4560-8773-8A2CC3B4110F}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe" = protocol=6 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe | 
"TCP Query User{23EAFDC5-9155-4093-8CA0-2481605CB39D}C:\windows\system32\presentationhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\presentationhost.exe | 
"TCP Query User{27E0E151-B9BE-4E89-837A-5A7137CD4732}C:\users\marvin\appdata\local\temp\rar$ex00.033\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\marvin\appdata\local\temp\rar$ex00.033\ipcurve\ipcurve.exe | 
"TCP Query User{2CE5ACE9-90AA-4337-9F04-03C01DA42FE6}D:\spiele\setup\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hl.exe | 
"TCP Query User{2F0FCD9E-6F6B-4A9A-8DA2-A79EB9B34EFC}D:\spiele\gta4\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\gta4\grand theft auto iv\gtaiv.exe | 
"TCP Query User{3085A9F0-B1A4-47B6-9B64-9E4E25EB3279}D:\spiele\gta4\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\gta4\grand theft auto iv\gtaiv.exe | 
"TCP Query User{39969885-D36F-4CF6-B774-C1C2C69E5DC7}D:\spiele\cod mw2\iw4mp.exe" = protocol=6 | dir=in | app=d:\spiele\cod mw2\iw4mp.exe | 
"TCP Query User{3FE7CD96-FA10-4C60-A166-613CED499CE8}I:\programme\bf\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=i:\programme\bf\battlefield 2\bf2.exe | 
"TCP Query User{59336846-6B96-42A3-85F9-F4A86791B336}D:\spiele\setup\counter-strike 1.6aaa\hltv.exe" = protocol=6 | dir=in | app=d:\spiele\setup\counter-strike 1.6aaa\hltv.exe | 
"TCP Query User{65111D6B-4D6F-4D72-A8DC-154C6F9EBE4A}C:\users\marvin\desktop\pokemon\1.8\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\marvin\desktop\pokemon\1.8\visualboyadvance.exe | 
"TCP Query User{73965393-73C2-477F-AB8A-72642C3ECAB1}D:\spiele\c+c\game.exe" = protocol=6 | dir=in | app=d:\spiele\c+c\game.exe | 
"TCP Query User{79C07555-124D-474E-9604-F16CD1BD0F54}C:\users\marvin\desktop\pokemon\2\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\marvin\desktop\pokemon\2\visualboyadvance.exe | 
"TCP Query User{7F0F3DE9-2F66-4303-A4FC-1E00BC846043}D:\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steamless counterstrikesource pack\hl2.exe | 
"TCP Query User{8121CEC9-99D5-47E0-B3C4-5889C23EA484}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe" = protocol=6 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe | 
"TCP Query User{82FCCE72-16B6-4CFC-9A83-DC4724798AEB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{83395489-5954-4546-A382-A23861D0516B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{8A8418DD-E22B-4E32-BFC9-4C1B04304850}D:\internet\inetprogramme\cain\cain.exe" = protocol=6 | dir=in | app=d:\internet\inetprogramme\cain\cain.exe | 
"TCP Query User{8C797928-E419-404A-A55D-F6E68F49CCFF}D:\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steamless counterstrikesource pack\hl2.exe | 
"TCP Query User{989DA8BF-7BB9-4D20-BA90-48A98C416028}D:\spiele\setup\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hl.exe | 
"TCP Query User{98A07930-BB8D-44AE-BD93-E941DB1479F5}J:\programme\bf\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=j:\programme\bf\battlefield 2\bf2.exe | 
"TCP Query User{9C1E0A77-9488-407E-94BF-C8E3E3ED0EB0}D:\spiele\moh\pacificassault\mohpa.exe" = protocol=6 | dir=in | app=d:\spiele\moh\pacificassault\mohpa.exe | 
"TCP Query User{9C989B52-6441-4AF0-A22F-F2F24F5A6012}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{9D1606AF-C796-4A09-8D13-7770A81A0133}D:\progs\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\progs\vlc\vlc.exe | 
"TCP Query User{9E5C4C18-57FF-4E03-BEBF-9AC513BE0D24}D:\spiele\setup\counter-strike 1.6\hlds.exe" = protocol=6 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hlds.exe | 
"TCP Query User{B1C57EFF-7215-421B-85D4-7FE5C89AA536}D:\spiele\c+c\game.exe" = protocol=6 | dir=in | app=d:\spiele\c+c\game.exe | 
"TCP Query User{B31D7D1C-64B5-47DC-AEB2-D66D6942F188}D:\spiele\c+c\mph.exe" = protocol=6 | dir=in | app=d:\spiele\c+c\mph.exe | 
"TCP Query User{B392A6CB-6584-437D-8F7C-1E430417CA6E}D:\spiele\wolfenstein\mp\wolf2mp.exe" = protocol=6 | dir=in | app=d:\spiele\wolfenstein\mp\wolf2mp.exe | 
"TCP Query User{B52AB57E-79E9-40A9-B38B-474D27C8BFA4}D:\internet\inetprogramme\cain\cain\cain.exe" = protocol=6 | dir=in | app=d:\internet\inetprogramme\cain\cain\cain.exe | 
"TCP Query User{B5D19F52-4264-4127-A5AD-FF934DC32230}D:\internet\inetprogramme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\internet\inetprogramme\icq6.5\icq.exe | 
"TCP Query User{BC912848-FBA1-416E-8731-387B1F6E15D8}C:\users\marvin\desktop\pokemon\2\vbaserver.exe" = protocol=6 | dir=in | app=c:\users\marvin\desktop\pokemon\2\vbaserver.exe | 
"TCP Query User{C7BD4113-7A5C-4A8E-911B-0590174BF288}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D3B0854C-D809-46A6-AB2E-D687327353C6}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe" = protocol=6 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe | 
"TCP Query User{D9FFE8C2-7AC0-4B6C-BEE1-F28612AE495B}D:\spiele\anno 1503\1503startup.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1503\1503startup.exe | 
"TCP Query User{E1A18A83-E43D-49AC-A427-F0F229A6E7C7}C:\users\marvin\appdata\local\temp\rar$ex15.705\bifrost_1.2.1_unpacked\bifrost.exe" = protocol=6 | dir=in | app=c:\users\marvin\appdata\local\temp\rar$ex15.705\bifrost_1.2.1_unpacked\bifrost.exe | 
"TCP Query User{E5815F02-4022-407D-991F-615A564D68F6}D:\progs\hack\prorat_1.9_se\proconnective.exe" = protocol=6 | dir=in | app=d:\progs\hack\prorat_1.9_se\proconnective.exe | 
"TCP Query User{EDEF7D69-A3B3-423E-84A5-94ACD7D517FF}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe" = protocol=6 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe | 
"UDP Query User{02926C47-5F1F-4BD0-A3F6-145BEAD6D73E}D:\progs\hack\prorat_1.9_se\proconnective.exe" = protocol=17 | dir=in | app=d:\progs\hack\prorat_1.9_se\proconnective.exe | 
"UDP Query User{042F3851-5A75-4270-AB57-038493FEC663}D:\internet\inetprogramme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\internet\inetprogramme\icq6.5\icq.exe | 
"UDP Query User{051587D5-7FB8-4F8B-9D26-C922B2A069DB}C:\users\marvin\appdata\local\temp\rar$ex15.705\bifrost_1.2.1_unpacked\bifrost.exe" = protocol=17 | dir=in | app=c:\users\marvin\appdata\local\temp\rar$ex15.705\bifrost_1.2.1_unpacked\bifrost.exe | 
"UDP Query User{0CE3CCB3-F06A-4CA5-9CA4-817834E8A717}C:\users\marvin\desktop\pokemon\2\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\marvin\desktop\pokemon\2\visualboyadvance.exe | 
"UDP Query User{17BAA2EC-0B5B-4B3D-9415-FB5342E08BC0}D:\spiele\wolfenstein\mp\wolf2mp.exe" = protocol=17 | dir=in | app=d:\spiele\wolfenstein\mp\wolf2mp.exe | 
"UDP Query User{19BE681B-5CCB-4C92-AE41-835CF067BA42}D:\internet\inetprogramme\cain\cain.exe" = protocol=17 | dir=in | app=d:\internet\inetprogramme\cain\cain.exe | 
"UDP Query User{1DA872E5-21A2-4E25-B7C4-74C1E46155EE}D:\spiele\c+c\mph.exe" = protocol=17 | dir=in | app=d:\spiele\c+c\mph.exe | 
"UDP Query User{25CF70CF-5A67-4A26-B55D-085B5A045DC0}C:\windows\system32\presentationhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\presentationhost.exe | 
"UDP Query User{263A7781-3736-4DB8-A09E-597F90ED86C8}D:\internet\inetprogramme\cain\cain\cain.exe" = protocol=17 | dir=in | app=d:\internet\inetprogramme\cain\cain\cain.exe | 
"UDP Query User{291C3811-96EF-4C63-A4C8-13126C05BBCA}D:\spiele\anno 1503\1503startup.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1503\1503startup.exe | 
"UDP Query User{2ADAA690-79F1-43CF-8EE2-9813E1030F8A}C:\users\marvin\desktop\pokemon\1.8\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\marvin\desktop\pokemon\1.8\visualboyadvance.exe | 
"UDP Query User{2B8603AC-97E7-418A-AF46-A55069155174}I:\programme\bf\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=i:\programme\bf\battlefield 2\bf2.exe | 
"UDP Query User{41FB38DD-3CBA-47DA-8BB8-DD1EB8598F52}C:\users\marvin\appdata\local\temp\rar$ex00.033\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\marvin\appdata\local\temp\rar$ex00.033\ipcurve\ipcurve.exe | 
"UDP Query User{4C78481B-EFBE-47AF-98BF-2D41802B2DDC}D:\spiele\gta4\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\gta4\grand theft auto iv\gtaiv.exe | 
"UDP Query User{4E8F4CE8-277E-473C-9A44-28F722A5A40B}D:\spiele\c+c\game.exe" = protocol=17 | dir=in | app=d:\spiele\c+c\game.exe | 
"UDP Query User{54133F5F-3B42-4925-A58F-D44B96369BC1}D:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=d:\spiele\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{589B035A-FDAD-48C9-A56A-4F86C98733F1}D:\spiele\gta4\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\gta4\grand theft auto iv\gtaiv.exe | 
"UDP Query User{5F5A18AC-FD0B-433F-8DD0-799283A244B9}C:\users\marvin\desktop\pokemon\2\vbaserver.exe" = protocol=17 | dir=in | app=c:\users\marvin\desktop\pokemon\2\vbaserver.exe | 
"UDP Query User{6323722D-0226-4EC4-8EF7-BC8D3FC8A1BE}D:\spiele\setup\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hl.exe | 
"UDP Query User{6813BAE6-7C41-4B67-9C1E-E67D10FED03C}D:\spiele\setup\counter-strike 1.6\hlds.exe" = protocol=17 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hlds.exe | 
"UDP Query User{691D091C-5EF7-455D-9A37-147725F004EF}D:\spiele\moh\pacificassault\mohpa.exe" = protocol=17 | dir=in | app=d:\spiele\moh\pacificassault\mohpa.exe | 
"UDP Query User{74BD6ED9-EFDA-4FDA-95D7-A117D3BE8751}D:\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steamless counterstrikesource pack\hl2.exe | 
"UDP Query User{75F7CC34-AAC4-4203-BAC2-4991C6FE21BA}D:\spiele\setup\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hl.exe | 
"UDP Query User{7FB5F471-DDEE-4DD2-9F09-DA5F39C20A90}J:\programme\bf\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=j:\programme\bf\battlefield 2\bf2.exe | 
"UDP Query User{8867C3AD-5A1F-4236-A94A-8734E2DC7570}D:\spiele\c+c\game.exe" = protocol=17 | dir=in | app=d:\spiele\c+c\game.exe | 
"UDP Query User{956721CA-42A2-4650-8EE8-3EFF7AD6F0D0}D:\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steamless counterstrikesource pack\hl2.exe | 
"UDP Query User{98BE3613-ABA5-4042-9FBC-41936E57C461}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe" = protocol=17 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe | 
"UDP Query User{9B9F1CF8-D82C-440F-AF79-69099CD12708}D:\spiele\setup\counter-strike 1.6\hltv.exe" = protocol=17 | dir=in | app=d:\spiele\setup\counter-strike 1.6\hltv.exe | 
"UDP Query User{A3C80078-6A86-464B-894E-664FB146E9E1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{AD1A5601-A68B-4DE6-B60B-F74AEE812C42}D:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=d:\spiele\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{B34FF909-F0A3-43D2-8A65-11ED6827DB4F}D:\spiele\setup\counter-strike 1.6aaa\hltv.exe" = protocol=17 | dir=in | app=d:\spiele\setup\counter-strike 1.6aaa\hltv.exe | 
"UDP Query User{BA231136-AD28-41B1-9DAC-2AE298247EAA}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe" = protocol=17 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe | 
"UDP Query User{D4BC4E29-62B7-49F8-A334-A1C37047E345}D:\progs\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\progs\vlc\vlc.exe | 
"UDP Query User{D886260C-0347-4A4A-8B43-7A6D707A3712}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DB15A15E-7B99-45E2-AA80-09F32ECC43F3}D:\spiele\cod mw2\iw4mp.exe" = protocol=17 | dir=in | app=d:\spiele\cod mw2\iw4mp.exe | 
"UDP Query User{E0EF7F04-1B52-4F9A-8B04-035019D24704}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe" = protocol=17 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\link\2\vbaserver.exe | 
"UDP Query User{E87A4E9A-6C24-49CA-B236-9356BF984309}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{EA2C7942-4EB2-4C2D-8159-8D9F4DA65A69}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F7D472D2-091B-467B-ADB5-383AB93FB1CE}D:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe" = protocol=17 | dir=in | app=d:\spiele\pokemon (incl. saphire+ruby) gameboy roms (gba,gb,gbc) in englis\emulator\visualboyadvance 1.6 (gb,gba,gbc)\visualboyadvance.exe | 
"UDP Query User{F86C0A43-78AB-422F-B2C7-D12E05B7DE72}D:\internet\inetprogramme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\internet\inetprogramme\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}" = WarRock
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4527481F-E36D-408E-9F40-89E2630E2120}" = TubeBox!
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3EF687-803F-4825-B815-04AE32DDEB41}" = YAVIDO
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.0
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3492D9E-7FBB-1DF6-F759-2A37FA231031}" = Nero 7 Demo
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bridge Builder" = Bridge Builder
"C&C Alarmstufe Rot_is1" = C&C Alarmstufe Rot
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"Cataclysm" = Cataclysm
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"File Recover_is1" = File Recover 7.0
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"German Patch" = German Patch
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Homeworld" = Homeworld
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Polipo" = Polipo 1.0.4.1
"PunkBusterSvc" = PunkBuster Services
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"RollerCoaster Tycoon Setup" = Roll
"Roulette Software Dan0_21" = Roulette Software Dan0_21 (Remove Only)
"Smart Data Recovery_is1" = Smart Data Recovery v4.2
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.2.14-alpha
"UndeletePlus_is1" = Undelete Plus 2.98
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.9
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WebcamMax" = WebcamMax
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 0.99.7
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"XMedia Recode" = XMedia Recode 2.1.2.5
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.0
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.10.2010 07:50:45 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.10.2010 12:47:26 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2010 08:09:45 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2010 23:49:13 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.10.2010 03:47:25 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2010 10:43:43 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2010 21:24:20 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.10.2010 10:13:13 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.10.2010 09:30:47 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.10.2010 10:15:42 | Computer Name = Marvin-NB | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.11.2010 11:35:30 | Computer Name = Marvin-NB | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.11.2010 15:21:21 | Computer Name = Marvin-NB | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 17.11.2010 15:46:29 | Computer Name = Marvin-NB | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 18.11.2010 12:15:31 | Computer Name = Marvin-NB | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 18.11.2010 12:16:18 | Computer Name = Marvin-NB | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 19.11.2010 10:12:32 | Computer Name = Marvin-NB | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.11.2010 10:12:43 | Computer Name = Marvin-NB | Source = DCOM | ID = 10005
Description = 
 
Error - 19.11.2010 10:12:43 | Computer Name = Marvin-NB | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 19.11.2010 10:25:54 | Computer Name = Marvin-NB | Source = DCOM | ID = 10010
Description = 
 
Error - 20.11.2010 18:52:54 | Computer Name = Marvin-NB | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         


OTL.txt
Code:
ATTFilter
OTL logfile created on: 21.11.2010 14:59:34 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Marvin\Documents\konni
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,01 Gb Total Space | 10,14 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
Drive D: | 205,08 Gb Total Space | 33,07 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive E: | 2,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARVIN-NB | User Name: Marvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marvin\Documents\konni\OTL.exe (OldTimer Tools)
PRC - D:\Internet\InetProgramme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10g_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - D:\Progs\schutz\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Progs\torrent\uTorrent.exe (BitTorrent, Inc.)
PRC - D:\Internet\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Progs\virtualCloneDriver\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\SamSung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\SamSung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - D:\Progs\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marvin\Documents\konni\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- D:\Internet\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- D:\Progs\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PRISM_A02) -- C:\Windows\System32\DRIVERS\PRISMA02.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {E78313ED-E64C-451B-9B5F-8A66A8D08A64}:2.5.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..network.proxy.backup.ftp: "110.137.49.181"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "110.137.49.181"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "110.137.49.181"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "110.137.49.181"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.http: "118.96.136.21"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Progs\Adobe CS 5 Master\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.10.03 14:34:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.07 17:44:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.03 14:35:00 | 000,000,000 | ---D | M]
 
[2009.08.23 08:20:17 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Extensions
[2010.10.08 17:07:35 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\ar66j0rk.default\extensions
[2010.05.30 20:41:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\ar66j0rk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.14 20:40:57 | 000,000,000 | ---D | M] (FireFox accelerator) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\ar66j0rk.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64}
[2010.05.27 08:08:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.24 16:20:03 | 000,000,000 | ---D | M] (Adobe Reader) -- C:\Programme\Mozilla Firefox\extensions\{b677fa16-ac2f-410c-8ea5-3bc98ed515d3}
[2010.05.27 08:08:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.03.27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npContribute.dll
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.01 12:37:07 | 000,000,925 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Progs\Adobe CS 5 Master\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe Reader) - {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} - C:\Users\Marvin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Systems, Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Progs\Adobe CS 5 Master\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Programme\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Internet\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TQ566808] E:\Setup.exe File not found
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Progs\virtualCloneDriver\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{7D1BC36A-8A77-52B0-93D2-837B92459014}] C:\Users\Marvin\AppData\Roaming\Dufu\nyuc.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [AlcoholAutomount] D:\Progs\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKCU..\Run: [Steam] D:\Internet\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] D:\Progs\torrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WebcamMaxAutoRun] D:\Progs\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Progs\schutz\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdbUpd.lnk = C:\Users\Marvin\AppData\Roaming\Adobe\AdobeUpdate.exe (Adobe Systems Incorporated)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Internet\InetProgramme\\ICQ6.5\ICQ.exe ()
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Internet\InetProgramme\\ICQ6.5\ICQ.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} hxxp://128.97.43.214/activex/decoder/mpeg4_dec.cab (Moonlight MPEG-4 Video Decoder)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://129.57.20.46:1497/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{043206f1-f388-11dd-a3d4-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{043206f1-f388-11dd-a3d4-001bdc0fad49}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{8a627727-72f5-11de-b34f-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{8a627727-72f5-11de-b34f-001bdc0fad49}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{8a627727-72f5-11de-b34f-001bdc0fad49}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{9c0fa9e8-9954-11de-b11b-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{aae8ebd5-cf66-11dd-89f9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aae8ebd5-cf66-11dd-89f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b965ceae-9911-11de-b223-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{b965ceae-9911-11de-b223-001bdc0fad49}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{b965ceae-9911-11de-b223-001bdc0fad49}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\{b965cebe-9911-11de-b223-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{b965cebe-9911-11de-b223-001bdc0fad49}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{b965cedd-9911-11de-b223-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{b965cede-9911-11de-b223-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{b965cede-9911-11de-b223-001bdc0fad49}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\{b965cedf-9911-11de-b223-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{b965cee0-9911-11de-b223-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{b965cee1-9911-11de-b223-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{d569058b-2aa7-11de-941a-001bdc0fad49}\Shell - "" = AutoRun
O33 - MountPoints2\{d569058b-2aa7-11de-941a-001bdc0fad49}\Shell\AutoRun\command - "" = F:\Install.exe -- File not found
O33 - MountPoints2\{e6baf19c-65bc-11df-892c-001377ad79a1}\Shell - "" = AutoRun
O33 - MountPoints2\{e6baf1b3-65bc-11df-892c-001377ad79a1}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.21 14:52:46 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes
[2010.11.21 14:52:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.21 14:52:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.21 14:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.21 02:24:23 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Uniblue
[2010.11.21 02:24:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
[2010.11.21 02:24:15 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.11.21 02:24:05 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\PackageAware
[2010.11.13 12:52:01 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\LogMeIn Hamachi
[2010.11.12 11:24:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.11.12 11:24:18 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.28 04:54:48 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\usb
[2010.10.27 09:14:05 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.27 09:14:04 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.27 09:14:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.24 21:26:47 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Flight Simulator X Files
[2010.10.24 20:32:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Microsoft Games
[2010.10.24 19:28:29 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.10.24 19:28:29 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Adobe Mini Bridge CS5
[2010.10.23 17:51:08 | 000,000,000 | ---D | C] -- C:\MappedFiles
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.21 15:01:13 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1F699E16-92E0-4518-8D77-99826ABBD9FD}.job
[2010.11.21 14:54:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.21 14:52:32 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 14:46:56 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.21 14:46:43 | 000,425,630 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.21 14:46:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.21 14:46:27 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.21 14:46:22 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.21 02:24:26 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.11.21 02:24:22 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2010.11.21 02:24:02 | 000,425,630 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.20 22:12:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.19 15:17:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.19 15:17:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.19 15:17:35 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.19 15:17:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.19 15:10:46 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.19 14:45:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.19 10:14:07 | 000,278,897 | ---- | M] () -- C:\Users\Marvin\Desktop\C_CN76_TM_01_1005.pdf
[2010.11.17 20:49:41 | 000,095,744 | ---- | M] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 11:31:32 | 000,024,576 | ---- | M] () -- C:\Users\Marvin\Desktop\Jubiliste2010.xls
[2010.11.12 11:26:57 | 000,000,010 | ---- | M] () -- C:\Users\Marvin\AppData\Roaming\install
[2010.11.11 17:17:24 | 000,000,785 | ---- | M] () -- C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdbUpd.lnk
[2010.11.03 12:51:19 | 000,048,640 | ---- | M] () -- C:\Users\Marvin\Documents\St. Martin.doc
[2010.11.02 15:35:11 | 000,015,872 | ---- | M] () -- C:\Users\Marvin\Documents\Baum.xls
[2010.11.02 07:54:23 | 000,000,104 | ---- | M] () -- C:\Users\Marvin\Desktop\Computer - Verknüpfung.lnk
[2010.10.27 09:55:15 | 000,259,584 | ---- | M] () -- C:\Users\Marvin\Documents\Baumschule.doc
[2010.10.27 09:20:06 | 000,838,808 | ---- | M] () -- C:\Users\Marvin\Documents\Formgehölze_vdberk.pdf
[2010.10.26 04:55:24 | 000,000,680 | ---- | M] () -- C:\Users\Marvin\AppData\Local\d3d9caps.dat
[2010.10.25 12:02:15 | 000,029,184 | ---- | M] () -- C:\Users\Marvin\Desktop\Widerspruch_Stadt Hamm Thomas Rosenstein[1].doc
[2010.10.24 21:18:15 | 003,751,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.24 14:41:28 | 000,025,600 | ---- | M] () -- C:\Users\Marvin\Documents\Schwerbehinderung.doc
[2010.10.22 22:55:37 | 000,031,744 | ---- | M] () -- C:\Users\Marvin\Documents\Oktoberfest Party.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.21 14:52:32 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 02:24:25 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010.11.21 02:24:15 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2010.11.19 10:14:07 | 000,278,897 | ---- | C] () -- C:\Users\Marvin\Desktop\C_CN76_TM_01_1005.pdf
[2010.11.12 11:31:32 | 000,024,576 | ---- | C] () -- C:\Users\Marvin\Desktop\Jubiliste2010.xls
[2010.11.12 11:26:57 | 000,000,010 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\install
[2010.11.11 17:17:24 | 000,000,785 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdbUpd.lnk
[2010.11.03 12:39:35 | 000,048,640 | ---- | C] () -- C:\Users\Marvin\Documents\St. Martin.doc
[2010.11.02 15:35:11 | 000,015,872 | ---- | C] () -- C:\Users\Marvin\Documents\Baum.xls
[2010.11.02 07:54:23 | 000,000,104 | ---- | C] () -- C:\Users\Marvin\Desktop\Computer - Verknüpfung.lnk
[2010.10.27 09:55:15 | 000,259,584 | ---- | C] () -- C:\Users\Marvin\Documents\Baumschule.doc
[2010.10.27 09:20:06 | 000,838,808 | ---- | C] () -- C:\Users\Marvin\Documents\Formgehölze_vdberk.pdf
[2010.10.25 12:02:15 | 000,029,184 | ---- | C] () -- C:\Users\Marvin\Desktop\Widerspruch_Stadt Hamm Thomas Rosenstein[1].doc
[2010.10.24 13:58:16 | 000,025,600 | ---- | C] () -- C:\Users\Marvin\Documents\Schwerbehinderung.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.10.06 17:21:29 | 000,000,132 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.01 12:58:49 | 000,000,081 | ---- | C] () -- C:\Windows\FinalAlert2.ini
[2010.06.30 15:23:24 | 000,004,096 | -H-- | C] () -- C:\Users\Marvin\AppData\Local\keyfile3.drm
[2010.03.10 07:07:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.26 11:24:46 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.02.26 11:24:46 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.16 07:23:32 | 000,024,206 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\UserTile.png
[2010.02.04 22:10:56 | 000,000,173 | ---- | C] () -- C:\Users\Marvin\AppData\Local\rahistory.xml
[2010.02.04 21:40:43 | 000,000,643 | ---- | C] () -- C:\Users\Marvin\AppData\Local\RAExpertHistory.xml
[2010.01.03 14:51:03 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.01.03 14:51:03 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.01.03 14:51:03 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.01.03 14:50:45 | 000,000,071 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.12.28 20:37:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.20 17:45:41 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.12.20 17:45:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.09.25 16:24:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.17 20:50:57 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.17 20:50:57 | 000,139,152 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\PnkBstrK.sys
[2009.06.13 06:52:26 | 000,000,552 | ---- | C] () -- C:\Users\Marvin\AppData\Local\d3d8caps.dat
[2009.04.16 17:53:32 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.02.02 23:33:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.24 11:45:59 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.12.21 20:57:43 | 000,425,630 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.21 17:54:43 | 000,425,630 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.21 17:26:15 | 000,095,744 | ---- | C] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.21 15:29:53 | 000,000,135 | ---- | C] () -- C:\Windows\System32\lngEng.ini
[2008.12.21 15:29:53 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.12.21 15:22:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.12.21 15:22:02 | 000,002,134 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.12.21 15:08:13 | 000,000,680 | ---- | C] () -- C:\Users\Marvin\AppData\Local\d3d9caps.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1997.06.18 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.06.18 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== Files - Unicode (All) ==========
[2009.12.28 20:44:28 | 000,000,000 | ---D | M](C:\Users\Marvin\Documents\? CYON) -- C:\Users\Marvin\Documents\내 CYON
[2009.06.20 17:38:21 | 000,000,000 | ---D | C](C:\Users\Marvin\Documents\? CYON) -- C:\Users\Marvin\Documents\내 CYON
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >
         
__________________

Alt 21.11.2010, 17:10   #4
nivram
 
suchmaschinen virus? - Standard

suchmaschinen virus?



hier der log von Malwarebytes


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5162

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.11.2010 17:05:13
mbam-log-2010-11-21 (17-05-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 521513
Laufzeit: 2 Stunde(n), 4 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\bifrost1.2 (Bifrose.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7d1bc36a-8a77-52b0-93d2-837b92459014} (Spyware.Passwords.XGen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Marvin\AppData\Roaming\Dufu\nyuc.exe (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFHQVG97\err.log3823600 (Trojan.Dropper) -> No action taken.
C:\Users\Marvin\AppData\Roaming\Adobe\AdobeUpdate.exe (Trojan.Dropper) -> No action taken.
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdbUpd.lnk (Malware.Trace) -> No action taken.
C:\Users\Marvin\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> No action taken.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> No action taken.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> No action taken.
         

Alt 21.11.2010, 18:43   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
suchmaschinen virus? - Standard

suchmaschinen virus?



Zitat:
-> No action taken.
Wieso entfernst du die Funde nicht?

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.11.2010, 21:43   #6
nivram
 
suchmaschinen virus? - Standard

suchmaschinen virus?



jo das Problem ist behoben Suchmaschinen funktionieren wider vernünftig
THX

Antwort

Themen zu suchmaschinen virus?
adobe, antivir, antivir guard, avg, avira, bho, defender, desktop, excel, fehler, google, hijack, hijackthis, internet, internet explorer, object, plug-in, problem, rundll, software, suchmaschine, system, updates, virus, vista, web.de, windows




Ähnliche Themen: suchmaschinen virus?


  1. unerwünschte suchmaschinen vorbeugen?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2013 (1)
  2. searchnu.com auf allen suchmaschinen
    Log-Analyse und Auswertung - 24.03.2013 (3)
  3. Umleitung bei Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (18)
  4. Unerwünschte Umleitung bei Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2012 (19)
  5. Falschleitung auf Spamseiten von Suchmaschinen
    Log-Analyse und Auswertung - 18.01.2012 (28)
  6. Internet umleitung auf Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 03.12.2011 (30)
  7. Suchmaschinen fehlerhaft
    Log-Analyse und Auswertung - 09.10.2011 (6)
  8. Weiterleitung falsch bei Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 14.12.2010 (1)
  9. Google Suchmaschinen Virus
    Plagegeister aller Art und deren Bekämpfung - 23.07.2010 (25)
  10. Browserabsturz bei Verwendung von Suchmaschinen
    Plagegeister aller Art und deren Bekämpfung - 07.02.2010 (2)
  11. Google Suchmaschinen Virus
    Log-Analyse und Auswertung - 18.01.2010 (6)
  12. Suchmaschinen Weiterleitung, Virus nach Formatierung
    Log-Analyse und Auswertung - 17.12.2009 (3)
  13. Suchmaschinen leiten auf windowsclick...
    Plagegeister aller Art und deren Bekämpfung - 22.08.2009 (42)
  14. Verlinkung aus Suchmaschinen falsch ...
    Mülltonne - 23.11.2008 (0)
  15. Suchmaschinen-Umleitung (abcsearch)
    Log-Analyse und Auswertung - 19.08.2007 (6)
  16. wieder mal ein Suchmaschinen Blocker
    Plagegeister aller Art und deren Bekämpfung - 02.12.2005 (31)
  17. suchmaschinen
    Netzwerk und Hardware - 06.05.2003 (9)

Zum Thema suchmaschinen virus? - kann seit ca 1 Woche nicht mehr in google und auch yahoo vernünftig suchen wen ich nach etwas suche und auf den link drücken seht in der adresszeile die angebende - suchmaschinen virus?...
Archiv
Du betrachtest: suchmaschinen virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.