Pests of all kinds and how to combat them: Virus on SD card, RECYCLER - autorun.inf | Windows 7
14.12.2010, 19:38 | #1 |
| Virus on SD card, RECYCLER - autorun.inf

Good evening =)

My problem is essentially the same as this one: http://www.trojaner-board.de/93721-w...ert-nicht.html

As soon as I insert the SD card, alerts from AntiVir appear, but formatting doesn't help... After just a few seconds the files I just deleted reappear. A Malwarebytes scan is running right now, but I have one more question about exactly that. Should I scan the SD card as well? Can the virus somehow spread further if I leave the SD card inserted for a longer time? And if I ran a recovery on my laptop, would the problem be solved then? Because then I would have to temporarily store all my data on my external hard drive... And wouldn't the virus then be on the hard drive again as well and, so to speak, move along with it?

I'm really a layperson and, to be honest, quite overwhelmed by this problem; please forgive me for that. I hope someone can help me... many thanks in advance, kind regards =)

Here are the results of the scan:
Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5312

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

14.12.2010 21:38:08
mbam-log-2010-12-14 (21-38-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|H:\|)
Durchsuchte Objekte: 460688
Laufzeit: 2 Stunde(n), 49 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Windows\XviDplg.dll (Trojan.BHO) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{B97F9125-71A1-48D0-B920-F140EF8DE809} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\DNSCache.DNSCacheObj.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\DNSCache.DNSCacheObj (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{376892AE-1825-4E5F-9F85-23F9640051CC} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892AE-1825-4E5F-9F85-23F9640051CC} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B34E9B86-5C2D-82F5-DE8E-1FD437946E98} (Trojan.ZbotR.Gen) -> Value: {B34E9B86-5C2D-82F5-DE8E-1FD437946E98} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\portwexexe.exe (Trojan.SpyEyes) -> No action taken.

Infizierte Dateien:
c:\Windows\XviDplg.dll (Trojan.BHO) -> No action taken.
c:\Users\coco.contagious\AppData\Local\Temp\tmpd07c5940\all-zahlung.exe (Trojan.Agent) -> No action taken.
c:\Users\coco.contagious\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\bffoqodd.exe (Trojan.Agent) -> No action taken.
c:\Users\coco.contagious\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> No action taken.
c:\Users\coco.contagious\fbxmimmhópùšëbffoqodd.exe\bffoqodd.exe (Trojan.Agent) -> No action taken.
c:\Users\coco.contagious\ckgavsjf@p°™ëbffoqodd.exe\bffoqodd.exe (Trojan.Agent) -> No action taken.
c:\Users\coco.contagious\AppData\Roaming\Umnov\ehba.exe (Trojan.ZbotR.Gen) -> No action taken.
c:\portwexexe.exe\config.bin (Trojan.SpyEyes) -> No action taken.

And here are the logfiles from OTL as well:
Code:
OTL logfile created on: 14.12.2010 19:42:26 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Coco.Contagious\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 24,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 41,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 189,00 Gb Total Space | 48,23 Gb Free Space | 25,52% Space Free | Partition Type: NTFS
Drive E: | 100,59 Gb Total Space | 5,94 Gb Free Space | 5,90% Space Free | Partition Type: NTFS

Computer Name: LOVELYLAPTOP | User Name: Coco.Contagious | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Coco.Contagious\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Autorun Eater\billy.exe (Old McDonald's Farm)
PRC - C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
PRC - C:\Program Files\GfKLSPService\GfKLSPService.exe (nurago GmbH)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe ()
PRC - C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe ()
PRC - C:\Program Files\GfKLSPService\GacelaWatchDogService.exe ()
PRC - C:\Program Files\GfK Internet-Monitor\GfK-Process-Connector.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\lg_swupdate\GiljabiStart.exe (BIT LEADER)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Windows Sidebar\Gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe (LG Electronics Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
PRC - C:\Program Files\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Coco.Contagious\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GfkLSPService) -- C:\Program Files\GfKLSPService\GfKLSPService.exe (nurago GmbH)
SRV - (GfK-Reporting-Service) -- C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe ()
SRV - (GfK-Update-Service) -- C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (MSSQL$PINNACLESYS) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$PINNACLESYS) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (InterBaseServer) -- C:\Program Files\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
SRV - (InterBaseGuardian) -- C:\Program Files\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)

========== Driver Services (SafeList) ==========

DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- C:\Windows\System32\DRIVERS\vbtenum.sys File not found
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- C:\Windows\System32\DRIVERS\blueletaudio.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (CyberLink)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.psd-tutorials.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://sn143w.snt143.mail.live.com/default.aspx?wa=wsignin1.0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 205.134.162.147:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.myfreefarm.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.7
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02
FF - prefs.js..extensions.enabledItems: gacela2@nurago.com:10.1.263
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010.02.21 20:45:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.06.10 20:14:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\GfK Internet-Monitor\ [2010.12.14 18:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 17:47:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 17:47:56 | 000,000,000 | ---D | M]

[2009.02.07 18:57:56 | 000,000,000 | ---D | M] -- C:\Users\Coco.Contagious\AppData\Roaming\mozilla\Extensions
[2010.12.13 20:18:31 | 000,000,000 | ---D | M] -- C:\Users\Coco.Contagious\AppData\Roaming\mozilla\Firefox\Profiles\7cw88m5i.default\extensions
[2009.08.26 14:28:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Coco.Contagious\AppData\Roaming\mozilla\Firefox\Profiles\7cw88m5i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.06.19 00:21:19 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Coco.Contagious\AppData\Roaming\mozilla\Firefox\Profiles\7cw88m5i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.19 00:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coco.Contagious\AppData\Roaming\mozilla\Firefox\Profiles\7cw88m5i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.10.24 11:58:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Coco.Contagious\AppData\Roaming\mozilla\Firefox\Profiles\7cw88m5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.02.09 19:21:06 | 000,000,682 | ---- | M] () -- C:\Users\Coco.Contagious\AppData\Roaming\Mozilla\FireFox\Profiles\7cw88m5i.default\searchplugins\ask.xml
[2010.02.24 22:05:24 | 000,001,840 | ---- | M] () -- C:\Users\Coco.Contagious\AppData\Roaming\Mozilla\FireFox\Profiles\7cw88m5i.default\searchplugins\bing.xml
[2010.10.22 17:06:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.02.12 11:21:23 | 000,000,000 | ---D | M] (Eazel-DE Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}
[2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010.10.08 20:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.08 20:31:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.08 20:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.08 20:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.08 20:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.02.11 11:13:50 | 000,000,532 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (CDNSCacheObj Object) - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\Windows\XviDplg.dll ()
O2 - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet-Monitor\Gacela2.dll (nurago GmbH)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Ecosia Class) - {B180DF8A-D2CF-49e9-9C3E-D7BA05D73416} - C:\Program Files\Ecosia\ecosia.dll ()
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {01708BC3-6BDC-47fc-98FD-27875CF91138} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GfKWatchDog] C:\Program Files\GfKLSPService\GacelaWatchDogService.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{B34E9B86-5C2D-82F5-DE8E-1FD437946E98}] C:\Users\Coco.Contagious\AppData\Roaming\Umnov\ehba.exe (Arab Team 4 Reverse Engineering - www.at4re.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Coco.Contagious\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bffoqodd.exe ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download mit USDownloader - E:\Setups\Ext\downloadie.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Coco.Contagious\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : Über GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet-Monitor\Gacela2.dll (nurago GmbH)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\GfKLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\GfKLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\GfKLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\GfKLSPService.DLL (nurago GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\GfKLSPService.DLL (nurago GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: grassroots-marktforschung.de ([testerwelt] https in Vertrauenswürdige Sites)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {F27CBD6E-1234-11CF-0000-000000000000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Coco.Contagious\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Coco.Contagious\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.30 21:17:05 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{186a8f19-98a1-11dd-89da-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{186a8f19-98a1-11dd-89da-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- File not found
O33 - MountPoints2\{5f1b0c05-fcfd-11dd-8628-001e68fa3bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1b0c05-fcfd-11dd-8628-001e68fa3bf3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f1b0c0d-fcfd-11dd-8628-001e68fa3bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1b0c0d-fcfd-11dd-8628-001e68fa3bf3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6ef80b9c-19d4-11de-85be-001e68fa3bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{6ef80b9c-19d4-11de-85be-001e68fa3bf3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a27d10e1-662d-11de-9c42-001e68fa3bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{a27d10e1-662d-11de-9c42-001e68fa3bf3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bef3e278-5d21-11df-8dbb-001e68fa3bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{bef3e278-5d21-11df-8dbb-001e68fa3bf3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ef069275-51f7-11df-8964-001e68fa3bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{ef069275-51f7-11df-8964-001e68fa3bf3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.14 19:41:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Coco.Contagious\Desktop\OTL.exe
[2010.12.14 18:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2010.12.14 18:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2010.12.14 18:47:19 | 000,000,000 | ---D | C] -- C:\Users\Coco.Contagious\AppData\Roaming\Malwarebytes
[2010.12.14 18:47:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.14 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.14 18:47:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.14 18:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.12.14 18:46:32 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Coco.Contagious\Desktop\mbam-setup.exe
[2010.12.13 16:30:03 | 000,266,240 | ---- | C] (nurago GmbH) -- C:\Windows\System32\GfKLSPService.DLL
[2010.12.13 16:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\GfKLSPService
[2010.12.13 16:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\GfK Internet-Monitor
[2010.12.13 16:21:40 | 000,000,000 | ---D | C] -- C:\Users\Coco.Contagious\fbxmiMMhÓpÙšËbffoqodd.exe
[2010.12.12 23:20:28 | 000,000,000 | ---D | C] -- C:\Users\Coco.Contagious\Desktop\gufi
[2010.12.12 04:54:45 | 000,000,000 | ---D | C] -- C:\Users\Coco.Contagious\cKgavSjf@P°™Ëbffoqodd.exe
[2010.12.11 09:55:38 | 000,000,000 | ---D | C] -- C:\Users\Coco.Contagious\Desktop\Lays
[2010.12.05 23:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.12.05 23:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.11.28 12:13:33 | 000,000,000 | ---D | C] -- C:\TIVOLA
[2010.11.23 20:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ecosia
[2010.11.19 11:31:20 | 000,000,000 | ---D | C] -- C:\Users\Coco.Contagious\AppData\Roaming\Canneverbe Limited
[2009.08.12 10:57:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Coco.Contagious\AppData\Roaming\pcouffin.sys
[2009.05.25 07:00:35 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2009.05.25 07:00:35 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2009.05.25 07:00:35 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2009.05.25 07:00:35 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2009.05.25 07:00:35 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2009.05.25 07:00:35 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2009.05.25 07:00:35 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2009.05.25 07:00:35 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2009.05.25 07:00:35 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2009.05.25 07:00:35 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2009.05.25 07:00:35 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2009.05.25 07:00:35 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll

========== Files - Modified Within 30 Days ==========

[2010.12.14 19:41:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Coco.Contagious\Desktop\OTL.exe
[2010.12.14 19:39:31 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5CC1D449-969A-45E0-818B-6132AF2EF864}.job
[2010.12.14 19:36:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 19:36:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 19:00:08 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.12.14 18:53:18 | 001,364,101 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\aesetup2.5.zip
[2010.12.14 18:47:06 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.14 18:46:49 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Coco.Contagious\Desktop\mbam-setup.exe
[2010.12.14 18:20:11 | 000,138,737 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.14 18:20:11 | 000,138,737 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.14 17:35:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.13 16:29:13 | 3218,288,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.13 16:27:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.12 23:33:46 | 000,015,225 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\Handbuch EDV.docx
[2010.12.12 20:53:23 | 000,000,425 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\help.php
[2010.12.12 16:35:16 | 000,000,722 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\header2.php
[2010.12.12 16:35:16 | 000,000,722 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\header1.php
[2010.12.12 04:54:39 | 000,070,670 | --S- | M] () -- C:\Users\Coco.Contagious\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bffoqodd.exe
[2010.12.11 11:06:10 | 000,060,416 | ---- | M] () --
C:\Users\Coco.Contagious\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.11 09:57:03 | 000,010,729 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\Kindergartenstunden.xlsx [2010.12.08 22:45:33 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.06 22:15:52 | 000,010,185 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\abi_berechnung.docx [2010.12.06 21:31:05 | 000,000,308 | ---- | M] () -- C:\Windows\lexstat.ini [2010.12.02 22:27:33 | 000,695,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.02 22:27:33 | 000,655,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.02 22:27:33 | 000,154,860 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.02 22:27:33 | 000,128,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.28 15:27:08 | 000,000,031 | ---- | M] () -- C:\Windows\tkkg_3.ini [2010.11.25 23:03:58 | 000,011,120 | ---- | M] () -- C:\Users\Coco.Contagious\Desktop\B A B Y S I T T E R G E S U C H T.docx [2010.11.23 17:27:35 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2010.12.14 18:52:56 | 001,364,101 | ---- | C] () -- C:\Users\Coco.Contagious\Desktop\aesetup2.5.zip [2010.12.14 18:47:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.12 23:33:45 | 000,015,225 | ---- | C] () -- C:\Users\Coco.Contagious\Desktop\Handbuch EDV.docx [2010.12.12 20:53:22 | 000,000,425 | ---- | C] () -- C:\Users\Coco.Contagious\Desktop\help.php [2010.12.12 16:35:29 | 000,000,722 | ---- | C] () -- C:\Users\Coco.Contagious\Desktop\header2.php [2010.12.12 16:35:15 | 000,000,722 | ---- | C] () -- 
C:\Users\Coco.Contagious\Desktop\header1.php [2010.12.12 04:54:44 | 000,070,670 | --S- | C] () -- C:\Users\Coco.Contagious\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bffoqodd.exe [2010.12.06 22:41:27 | 000,010,729 | ---- | C] () -- C:\Users\Coco.Contagious\Desktop\Kindergartenstunden.xlsx [2010.12.06 22:15:51 | 000,010,185 | ---- | C] () -- C:\Users\Coco.Contagious\Desktop\abi_berechnung.docx [2010.11.28 12:13:38 | 000,000,031 | ---- | C] () -- C:\Windows\tkkg_3.ini [2010.11.28 12:13:30 | 000,182,528 | ---- | C] () -- C:\Windows\PI.EXE [2010.11.25 23:03:56 | 000,011,120 | ---- | C] () -- C:\Users\Coco.Contagious\Desktop\B A B Y S I T T E R G E S U C H T.docx [2010.04.14 15:06:28 | 000,002,688 | ---- | C] () -- C:\Windows\System32\GfKLSPService.ini [2010.04.14 15:06:28 | 000,000,080 | ---- | C] () -- C:\Windows\System32\GfKLSPServiceOff.ini [2010.02.21 21:40:31 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.11.03 21:14:02 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.10.25 13:15:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.08.12 10:58:19 | 000,000,033 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Roaming\pcouffin.log [2009.08.12 10:57:35 | 000,087,608 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Roaming\inst.exe [2009.08.12 10:57:35 | 000,007,887 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Roaming\pcouffin.cat [2009.08.12 10:57:35 | 000,001,144 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Roaming\pcouffin.inf [2009.06.10 08:07:19 | 000,000,680 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Local\d3d9caps.dat [2009.05.30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.05.25 07:00:35 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll [2009.05.25 07:00:35 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll 
[2009.05.25 06:16:53 | 000,000,308 | ---- | C] () -- C:\Windows\lexstat.ini [2009.04.27 01:24:32 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL [2009.04.27 01:24:11 | 000,210,944 | ---- | C] () -- C:\Windows\System32\D3UNINST.DLL [2009.04.27 01:24:11 | 000,032,768 | ---- | C] () -- C:\Windows\System32\IDUNINST.DLL [2009.04.05 16:55:59 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.03.10 13:46:16 | 000,126,976 | ---- | C] () -- C:\Windows\XviDplg.dll [2009.02.25 23:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2009.02.10 22:06:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.07 19:13:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.02.01 18:06:35 | 000,000,067 | ---- | C] () -- C:\Windows\#1 DVD Ripper.INI [2009.01.30 21:17:05 | 000,000,022 | ---- | C] () -- C:\Windows\VFO.INI [2009.01.30 13:44:45 | 000,000,103 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Local\fusioncache.dat [2009.01.28 22:20:26 | 000,060,416 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.28 20:41:23 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.01.28 18:33:56 | 000,011,269 | ---- | C] () -- C:\Windows\lg_up.ini [2009.01.28 16:33:28 | 000,024,064 | ---- | C] () -- C:\Users\Coco.Contagious\AppData\Roaming\UserTile.png [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.10.12 22:03:59 | 000,138,737 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.10.12 22:03:59 | 000,138,737 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.24 01:04:30 | 000,001,131 | ---- | C] () -- C:\Windows\lgcenter.ini [2008.06.24 00:33:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll 
[2008.06.24 00:23:59 | 000,000,212 | ---- | C] () -- C:\Windows\lgps.ini [2008.01.31 03:03:26 | 000,054,608 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2007.02.07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2007.01.22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.10.05 11:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll [2005.09.13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll [2005.09.13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll [2005.08.09 23:13:31 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2005.08.09 23:13:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys < End of report > Code:
OTL Extras logfile created on: 14.12.2010 19:42:26 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Coco.Contagious\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 24,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 41,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 189,00 Gb Total Space | 48,23 Gb Free Space | 25,52% Space Free | Partition Type: NTFS Drive E: | 100,59 Gb Total Space | 5,94 Gb Free Space | 5,90% Space Free | Partition Type: NTFS Computer Name: LOVELYLAPTOP | User Name: Coco.Contagious | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Unstopcp] -- "C:\Program Files\Roadkil.Net\UnstopCpy_4_2_Win2K_UP.exe" "%1" * (Roadkil.Net) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 
"EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03DA493F-C0B4-4FC3-B9EC-2267196F1614}" = rport=138 | protocol=17 | dir=out | app=system | "{0407477E-F4B0-4837-AF6C-92167CAF2A60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0677AEE6-CBA5-4DCC-BAF7-668A51655953}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{129F0C1E-5471-4604-B8D0-677BD8D1AE40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A5DF5B7-7FE6-4936-A0F4-65499288FC87}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{21E42DCF-86C4-4852-88D0-626BD5D2F2B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{28767DDA-AC0D-452A-ACF7-00FB85B0CB8A}" = lport=2869 | protocol=6 | dir=in | app=system | "{30A2D227-9667-448A-B55F-2DA3D0EC8280}" = lport=2869 | protocol=6 | dir=in | app=system | "{35A9386B-C425-48FB-B6EA-3A5F084FF1A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3B83E050-C7D2-43FD-8DDB-E635F649CDD1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{3D1991BF-3C9F-454F-9DD2-0FBA12C839CB}" = rport=137 | protocol=17 | dir=out | app=system | "{4A54706A-D926-4FA5-B43B-6210BE07FCFD}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{4C8E799A-9801-4553-B972-B9CC130126D5}" = rport=445 | protocol=6 | dir=out | app=system | "{4F9C6403-B0BD-430C-9CAA-E941523BEB13}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{58E84F13-8432-4D7A-A210-57EBC9F987FC}" = rport=10243 | protocol=6 | dir=out | app=system | "{612F46CD-D6A2-4901-8CCC-BE01A8D58E95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7BA57A16-7D03-4C72-92B7-8DF818C5F166}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9E320C9E-2D87-4E59-BFEE-5882175A4F8E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A857D44C-1160-4DB1-8BBD-93C96D66BEBF}" = lport=137 | protocol=17 | dir=in | app=system | "{AC5BE95B-56E9-48C6-B3CB-465EB5789EA1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{AD5A2C83-5771-4CA1-9A2E-1BFE512F5D40}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AE296451-60EE-4C93-8F00-C6E23F5DD271}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B23831AE-5D42-4921-B3F0-7462837BFC58}" = lport=138 | protocol=17 | dir=in | app=system | "{BCB682BF-F848-4337-A792-186D5D5C72ED}" = lport=445 | protocol=6 | dir=in | app=system | "{BF187A6C-2F4B-404C-8B97-DD5DB4C045D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CAD02AEB-E0E8-4BA6-B7EB-9FD0A304F613}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CFF605F1-E9DF-4406-895C-739CE8F03887}" = rport=139 | protocol=6 | dir=out | app=system | "{D3E6F155-0090-41A7-8AF6-1898B4D8772F}" = lport=10243 | protocol=6 | dir=in | app=system | "{D9B65463-9EFC-4E56-8FC5-A34C65F14E52}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DB8E6AE6-EA50-4AF6-94F8-D9F96BB6AD44}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC3A2F2C-550C-46CF-A8F3-D22BB6B6BA84}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DE00A3B2-9383-4705-B563-B69E022D93E5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{F6915464-82D7-4D99-8BD4-803A4824FE1B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF654BBF-A5D0-4A5A-8F7B-551328820155}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{FFAC2D30-3AAC-462E-882D-91CCDBEA2ACC}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02CB53EA-0B01-4C24-B687-712FEC44B632}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{03825B24-0AC5-453B-938E-E5F220C2F7AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{068A3F93-C763-4EA0-8CAD-29ED0405EB99}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{17A1B86D-B5C6-44A5-8A7A-497BB2E00206}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{1F62399D-D521-49F7-9184-CD7EBA2C16E2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{2041E47B-06DA-41D8-A475-C6D67C0EF874}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{254685E3-B5E4-48EC-984F-A5E2B35BDE1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{258B454E-BAE3-4C5D-882F-F34B8354DB7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2833B371-F96A-4E8B-B16F-586825C8F048}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{34B5BD15-086C-4C0E-AEF1-6702498BA7E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{35B6350B-E00C-4C45-AB5A-F543ADB06147}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4DB69B9A-6DB7-4F36-B86B-0F4B9861820F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4E1C0300-FCAB-489C-BB55-ACAF6EE39D44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{4EB46DA3-79CC-4A43-BB86-27272B9ED0F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5173017D-6A5D-4E95-8F66-7415D00246B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{60DA59C9-4358-4ADA-A824-76BC44C36977}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{66ABC39C-3B8B-4DA3-8F5E-E8E21D3EE968}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{676C0A93-8DD8-488E-BB0D-F564DF3ED78B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{68174592-9C5B-44EB-BAB9-9E1BF0BE468E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6E0BF512-750A-4D10-920E-245BBAB237D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8B61DD66-29F5-4F68-B363-B99E4B65891F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8F09B19B-E1B1-49F7-963D-F3D89F9F5D5F}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{91733746-45C2-4A5B-BA1A-D346CA05AF2C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{9540CB27-9866-487A-A5F0-3762C863D9EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{96987D98-F231-4CC8-BF71-4CAB42F480C2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{99EECED7-33CF-4783-948B-27E0D2E64ECB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9A843A4E-5779-4967-BC95-6F83DF956672}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A7508506-F75A-41EC-83AF-A343F0B93DAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AA0BEA65-4B87-4DE7-A178-2EF8289A659A}" = protocol=6 | dir=out | app=system | "{AC62EC46-DF3E-40B2-AA1D-7F60760E7907}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{C0383C52-86EF-4425-9D64-0C9D7F9AC67A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CEA9CA53-DB0F-47D7-8D88-5E5561C90D9C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{D4079C4E-925F-4BBF-AA17-7D67DE9BC9F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DF50295A-2A84-41B1-9AD8-9BBCDAB27D95}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{E85B94A8-7B58-47DD-8C19-BCE7493080F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC8C05CA-DB1E-4456-81D4-6F34B6F99450}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{28E06B4D-BBC6-4967-95D5-7CFBA0BC6CE7}C:\program files\atari\crashday\crashday.exe" = protocol=6 | dir=in | app=c:\program files\atari\crashday\crashday.exe | "TCP Query User{52276E01-A311-4A57-A3C6-E2814A58CBA9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{5F96DB57-6B84-4D29-A066-45834A1B8427}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\taskeng.exe | "TCP Query User{656E8C5D-A20D-4351-BA5B-B82E600923AE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{6A9EC834-EDD3-4D38-92AA-94903A4F6949}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{8E41F40A-0585-4DD9-961D-B7C7E43D9AC4}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "TCP Query User{92979D7B-490F-4C29-93BF-67EF7CE6B34E}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{98158924-6DC0-4A58-B973-992C59023E0F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9D8DE44D-D266-4429-810D-BF5EF622D87B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{B244C355-1F0B-40A3-B678-AF4FCC02D67A}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{C8BE8263-0233-4EBD-AF9A-834653DD2092}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{CCAF17C7-4EE9-4D25-B450-514658509A4E}C:\users\coco.contagious\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\coco.contagious\program files\dna\btdna.exe | "TCP Query User{D3DDBF77-12A3-400B-88F9-2547185F8FC3}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{D9A9BF3A-BD7B-434B-8EF7-261D973A7C8D}C:\users\coco.contagious\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\coco.contagious\temp\teamviewer\version4\teamviewer.exe | "UDP Query User{0C79B3AC-E9CB-460A-9D10-162659112CE6}C:\program 
files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{133535AC-FFA3-473E-BB51-A71838789E0E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{2E6B5B0F-73AF-4AA4-933E-CC55701CAC0D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{43924D84-2240-4B07-9867-AC5CF6683054}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{4933BAA4-EC9C-4C27-80AF-3D651D517038}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{642C5814-7AC4-4972-A0E2-C0E54AE6E2D5}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{765337B9-D0CE-4FA1-8C81-388A56D74FBD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{80594560-1DB4-4119-BBBE-1E7AF223CA37}C:\users\coco.contagious\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\coco.contagious\temp\teamviewer\version4\teamviewer.exe | "UDP Query User{9A86D0BF-6971-4840-A67B-E03C0593768B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{A55B2106-B214-4B82-9689-0D289A133F18}C:\program files\atari\crashday\crashday.exe" = protocol=17 | dir=in | app=c:\program files\atari\crashday\crashday.exe | "UDP Query User{C3C3BFEC-B993-41CE-8B94-A3E70C9BF42D}C:\users\coco.contagious\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\coco.contagious\program files\dna\btdna.exe | "UDP Query User{CDC2BD00-D098-421C-A80A-F546640E5FB3}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query 
User{CE26DF38-103F-47BD-A0A6-5C70BA1C1C46}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{EC8D0FEE-FCDF-4714-AA07-4A0A73ADDD30}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "#1 DVD Ripper" = #1 DVD Ripper 7.2.1 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler 
15.12.2010, 13:43 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus on SD card, RECYCLER - autorun.inf
Quote: