Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen (Windows 7)
19.01.2011, 21:37 | #31
TR/Crypt.XPACK.Gen

Oh, I see =) Yes, I followed and carried out every step.

Code:
SystemLook 04.09.10 by jpshortstuff
Log created at 21:33 on 19/01/2011 by Patrick
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="c:\progra~2\wietulopto.dat"

[]
Hive unrecognized.

-= EOF =-

Code:
Exported events:

19.01.2011 20:07 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADD509.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '4946978e.qua'.

19.01.2011 20:06 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADD509.exe.
Action performed: Allow access

19.01.2011 16:27 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADBEFA.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '4935a206.qua'.

19.01.2011 16:26 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADBEFA.exe.
Action performed: Allow access

18.01.2011 11:31 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADD01A.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '4939cd03.qua'.

18.01.2011 11:30 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADD01A.exe.
Action performed: Allow access

14.01.2011 17:09 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADD9AB.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '496dd4af.qua'.

14.01.2011 17:08 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADD9AB.exe.
Action performed: Allow access

14.01.2011 11:30 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EAD1F81.exe.
Action performed: Allow access

12.01.2011 11:02 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADFA93.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '494ddd4b.qua'.

12.01.2011 11:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADFA93.exe.
Action performed: Allow access
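The Avira export above repeats the same story on four different days: the Guard logs a detection of a fresh Temp\EAD*.exe file with the action "Allow access", and the on-demand Scanner later moves that same file to quarantine. Quarantining the dropped file each day does not stop whatever writes it. The script below is an added example, not part of the poster's log or of Avira: it parses the export as posted (including the Guard lines whose closing quote is missing), pairs each Guard detection with the Scanner quarantine of the same file, lists files that were detected but never quarantined, and counts the distinct days on which the Temp\EAD*.exe pattern recurred as a cheap indicator that a persistence mechanism is still active. The sample text is the posted log, reflowed into the exporter's header-plus-detail layout.

```python
# Added example: correlate Avira Guard/Scanner events to spot a recurring dropper.
import re
from collections import defaultdict

# Constructed sample: the events posted in the thread, one header line per event.
SAMPLE_EVENTS = r"""
19.01.2011 20:07 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADD509.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '4946978e.qua'.
19.01.2011 20:06 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADD509.exe.
Action performed: Allow access
19.01.2011 16:27 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADBEFA.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '4935a206.qua'.
19.01.2011 16:26 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADBEFA.exe.
Action performed: Allow access
18.01.2011 11:31 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADD01A.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '4939cd03.qua'.
18.01.2011 11:30 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADD01A.exe.
Action performed: Allow access
14.01.2011 17:09 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADD9AB.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '496dd4af.qua'.
14.01.2011 17:08 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADD9AB.exe.
Action performed: Allow access
14.01.2011 11:30 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EAD1F81.exe.
Action performed: Allow access
12.01.2011 11:02 [Scanner] Malware found
The file 'C:\Users\Patrick\AppData\Local\Temp\EADFA93.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '494ddd4b.qua'.
12.01.2011 11:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADFA93.exe.
Action performed: Allow access
"""

# One header line per event: "dd.mm.yyyy hh:mm [Component] Malware found".
HEADER_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) \[(Scanner|Guard)\] Malware found$", re.M)
# Path ends either at the closing quote or, for the Guard lines that lack it, at the final dot.
FILE_RE = re.compile(r"file '([^'\n]+?)(?:'|\.\s*$)", re.M)
QUARANTINE_RE = re.compile(r"under the name '([^']+)'")
ACTION_RE = re.compile(r"Action(?:\(s\) taken| performed): (.+)")
# Dropper naming seen in the log: EAD + hex digits, in the user's Temp folder.
TEMP_DROPPER_RE = re.compile(r"\\Temp\\EAD[0-9A-F]+\.exe$", re.I)


def parse_events(text):
    """Split the export into events and pull out path, action and quarantine name."""
    events = []
    headers = list(HEADER_RE.finditer(text))
    for i, head in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[head.end():end]
        path, quarantine, action = FILE_RE.search(body), QUARANTINE_RE.search(body), ACTION_RE.search(body)
        events.append({
            "date": head.group(1), "time": head.group(2), "component": head.group(3),
            "path": path.group(1) if path else None,
            "action": action.group(1).strip() if action else None,
            "quarantined_as": quarantine.group(1) if quarantine else None,
        })
    return events


def summarize(events):
    """Pair Guard and Scanner events per file and measure how often the dropper came back."""
    per_file = defaultdict(dict)
    for ev in events:
        entry = per_file[ev["path"]]
        if ev["component"] == "Guard":
            entry["guard_action"] = ev["action"]      # "Allow access" means nothing was blocked
        else:
            entry["quarantined_as"] = ev["quarantined_as"]
    dropper_days = sorted({ev["date"] for ev in events if TEMP_DROPPER_RE.search(ev["path"] or "")},
                          key=lambda d: d.split(".")[::-1])  # sort as year, month, day
    return {
        "files": dict(per_file),
        "dropper_days": dropper_days,
        # Same file pattern reappearing on three or more days: the source is still installed.
        "recurring_dropper": len(dropper_days) >= 3,
        "never_quarantined": sorted(p for p, e in per_file.items() if "quarantined_as" not in e),
    }


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE_EVENTS))
    print("dropper seen on:", ", ".join(report["dropper_days"]))
    print("recurring dropper:", report["recurring_dropper"])
    print("detected but never quarantined:", report["never_quarantined"])
```

The verdict line is the point: six distinct files over four days, every one of them allowed to run on access and only caught afterwards by the scanner, plus one (EAD1F81.exe) that was never quarantined at all. That pattern is what justifies going after the loader in the registry rather than cleaning Temp again.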
19.01.2011, 21:45 | #32
Helper team | TR/Crypt.XPACK.Gen

Okay, now then:

Please create another registry backup with Erunt.

Edit the registry:
Start --> Run --> notepad (type it in) --> OK
Now copy the following text from the code box into the empty text document:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"=""

Then please create two new OTL logs again.
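The fix above empties the DLLName value under Winlogon\Notify\SensLogn, so nothing is loaded from that key any more. What made the SystemLook entry stand out is visible in the value itself: an 8.3 short path (c:\progra~2) instead of a readable directory, a .dat extension for something registered as a DLL, and a location outside System32. The script below is an added example and is not part of the thread, of SystemLook or of the helper's procedure: it parses the [key] / "name"="value" blocks that SystemLook prints, applies those three checks to every Winlogon\Notify subkey, and emits neutralising .reg text of the same shape as the fix above. The sample dump is the posted SystemLook output plus one constructed, benign-looking entry (subkey ExampleBenign, bare filename example.dll, both hypothetical) so that the filter has something to let through.

```python
# Added example: audit Winlogon\Notify DLLName values in a SystemLook-style dump.
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Directories a notification package would normally live in (compared case-insensitively).
SYSTEM32_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}

KEY_RE = re.compile(r"^\[(.*)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Constructed sample: the posted SystemLook block plus one hypothetical benign entry.
SAMPLE_DUMP = r"""
SystemLook 04.09.10 by jpshortstuff
Log created at 21:33 on 19/01/2011 by Patrick
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="c:\progra~2\wietulopto.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleBenign]
"DLLName"="example.dll"

[]
Hive unrecognized.

-= EOF =-
"""


def parse_reg_dump(text):
    """Return {key: {name: value}} from the [key] and "name"="value" lines of the dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group(1)] = value_match.group(2)
    return keys


def classify(dllname):
    """Reasons a Notify DLLName deserves a second look; [] means it looks normal."""
    reasons = []
    if not dllname:
        return reasons  # already emptied: nothing is loaded from this subkey
    directory, _, filename = dllname.rpartition("\\")
    if not filename.lower().endswith(".dll"):
        reasons.append("extension is not .dll")
    if "~" in dllname:
        reasons.append("8.3 short path hides the real directory name")
    # A bare filename resolves from the system search path; an explicit directory should be System32.
    if directory and directory.lower() not in SYSTEM32_DIRS:
        reasons.append("not located in System32")
    return reasons


def audit(text):
    """List Winlogon\\Notify subkeys whose DLLName fails at least one check."""
    prefix = NOTIFY_KEY.lower() + "\\"
    findings = []
    for key, values in parse_reg_dump(text).items():
        if not key.lower().startswith(prefix):
            continue
        dllname = values.get("DLLName", "")
        reasons = classify(dllname)
        if reasons:
            findings.append({"key": key, "subkey": key[len(prefix):], "dllname": dllname, "reasons": reasons})
    return findings


def neutralising_reg(findings):
    """Produce .reg text that empties DLLName for each finding, like the fix in the thread."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for finding in findings:
        lines += [f"[{finding['key']}]", '"DLLName"=""', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    findings = audit(SAMPLE_DUMP)
    for f in findings:
        print(f"{f['subkey']}: {f['dllname']} -> {'; '.join(f['reasons'])}")
    print(neutralising_reg(findings))
```

Emptying the value rather than deleting the subkey mirrors what the helper did and keeps the change reversible from the ERUNT backup taken beforehand; the generated text is only a draft to review against the dump, not something to merge blindly.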
19.01.2011, 21:57 | #33

TR/Crypt.XPACK.Gen

OTL logfile:

Code:
ATTFilter OTL logfile created on: 19.01.2011 21:52:55 - Run 5 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 572,63 Gb Free Space | 61,47% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Winamp\winampa.exe PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (SafeList) ========== MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- 
C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)" FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.11 23:20:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M] [2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2011.01.19 19:41:59 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2011.01.18 19:11:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com [2011.01.18 18:56:17 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml [2011.01.18 18:56:17 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml [2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - - File not found O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - 
AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.19 19:45:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE [2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\MustBeRandomlyNamed [2011.01.18 11:46:15 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Patrick\Desktop\RkU3.8.388.590.exe [2011.01.15 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Falkenbach [Discography] [2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.01.12 11:05:26 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 11:05:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 23:18:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google [2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 
[2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira
[2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files - Modified Within 30 Days ==========

[2011.01.19 21:51:40 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 21:51:40 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 21:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.19 21:51:35 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.19 21:48:01 | 000,000,144 | ---- | M] () -- C:\Users\Patrick\Desktop\regfix.reg
[2011.01.19 20:52:21 | 000,012,362 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
[2011.01.18 19:55:39 | 000,068,096 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.18 17:41:30 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.18 17:41:08 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.01.17 20:59:43 | 000,629,057 | ---- | M] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar
[2011.01.17 17:41:09 | 000,080,384 | ---- | M] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.15 13:47:21 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.15 13:47:21 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.15 13:47:21 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.15 13:47:21 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.14 13:05:53 | 001,465,501 | ---- | M] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.14 12:56:43 | 000,000,852 | ---- | M] () -- C:\Users\Patrick\Desktop\mp3DirectCut.lnk
[2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc

========== Files Created - No Company Name ==========

[2011.01.19 21:48:01 | 000,000,144 | ---- | C] () -- C:\Users\Patrick\Desktop\regfix.reg
[2011.01.19 20:52:21 | 000,012,362 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.18 19:18:34 | 750,239,744 | ---- | C] () -- C:\Users\Patrick\Desktop\nmp_cube.avi
[2011.01.17 20:59:55 | 000,629,057 | ---- | C] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar
[2011.01.17 17:41:27 | 000,080,384 | ---- | C] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.14 13:05:52 | 001,465,501 | ---- | C] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi
[2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm
[2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.28 12:05:41 | 000,068,096 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.#
[2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC
[2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado
[2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports
[2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo
[2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2
[2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools
[2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.19 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla
[2011.01.19 20:52:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0
[2011.01.19 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ
[2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn
[2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics
[2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda
[2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream
[2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV
[2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws
[2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee
[2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp
[2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft
[2011.01.19 21:50:25 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 19.01.2011 21:52:55 - Run 5
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 572,63 Gb Free Space | 61,47% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system |
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system |
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system |
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe |
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe |
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe |
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe |
"UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows 
Live Essentials "{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABC" = ABC (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Shrink_is1" = DVD Shrink 3.2 "EADM" = EA Download Manager "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.1.6 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 6.6.1 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Hamachi" = Hamachi 1.0.1.5 "Hospital" = Theme Hospital "ImgBurn" = ImgBurn "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Miranda IM" = Miranda IM 0.8.27 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NVIDIA Drivers" = 
NVIDIA Drivers "OpenAL" = OpenAL "RayV" = RayV "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SopCast" = SopCast 3.0.3 "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNationsForever_is1" = TmNationsForever "TV Sponsoren 2007" = TV Sponsoren 2007 "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "UnrealTournament" = Unreal Tournament G.O.T.Y. Edition "VLC media player" = VLC media player 1.0.5 "Vtune_is1" = Vtune 6.6 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Skat-Online V7" = Skat-Online V7 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1020 Anfangszeit: 01cab6e7fe4ce69f Zeitpunkt der Beendigung: 6 Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e64 Anfangszeit: 01cab6e80eda6b4f Zeitpunkt der Beendigung: 2 Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 01.03.2010 07:15:25 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 19.01.2011 11:27:01 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.01.2011 11:27:01 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 19.01.2011 15:05:54 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016 Description = Error - 19.01.2011 15:06:49 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.01.2011 15:07:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.01.2011 15:07:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 19.01.2011 16:51:39 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016 Description = Error - 19.01.2011 16:52:12 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.01.2011 16:52:18 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.01.2011 16:52:18 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 
Description = < End of report > Ran through all the steps again. =) |
19.01.2011, 22:19 | #34 |
/// Helper Team | TR/Crypt.XPACK.Gen According to the Avira results, you allowed the file EADD509.exe most of the time (Action performed: Allow access). It is best to always move all Avira findings to quarantine. There they can do no more harm, but if it turns out to be a false positive, they can still be restored. In this case, though, it is not a false positive.

1.) Fix with OTL

2.) Update Java
Your Java version is not current. Since some malware (e.g. Vundo) gets into the system through Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer. Now download the offline version of Java Version 6 Update 23 from Oracle and install it. Take care not to install any toolbars that may be offered, i.e. untick the toolbar checkbox during installation.

3.) Security risk: Adobe Acrobat Reader
Your Adobe Reader is not current, which poses a major security risk. We therefore recommend uninstalling the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. Restart the computer, then download the current Acrobat Reader X and install it. Since Adobe Acrobat Reader is used more and more often for targeted malware distribution, I suggest using an alternative PDF viewer instead; for example, you can install the Foxit PDF Reader. It is "leaner" and uses fewer resources. During installation, make absolutely sure that the Ask toolbar and/or Foxit toolbar or sponsor offers are not installed along with it (if necessary, uninstall them again immediately via Control Panel => Software).

4.) Update Mozilla Firefox
Start Mozilla Firefox -> Help -> Check for Updates -> follow the instructions.

And after these steps, new OTL logs again, please.
__________________ Regards, rea *Do you also need help with a malware problem?* *TB donation account* A clever saying could go here. Well .... could! |
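Added example (not code from the thread, from OTL or from the helper) that automates the check the helper did by eye on the uninstall list above: it parses the `"key" = Display Name` entries of an OTL uninstall list, also when extraction has run them together on one line, and flags Java, Adobe Reader and Firefox versions below the baselines named in this thread. The last sample entry and its all-zero GUID are constructed to model a leftover old Java copy.

```python
"""Audit the 'Uninstall List' section of an OTL log for outdated software.

Added example, not the thread's, OTL's or the helper's own code. Baselines:
Java 6 Update 23 and Adobe Reader X (10) are the versions the helper asked
for; Firefox 3.6.13 is the version the follow-up OTL log shows after the
update.
"""
import re
from typing import Dict, List, Tuple

# One entry looks like   "{GUID}" = Display Name   or   "Key_is1" = Display Name.
# Page extraction often runs many entries together on one line, so a name
# ends at the next  "key" =  or at the end of the line, whichever comes first.
ENTRY_RE = re.compile(
    r'"(?P<key>[^"\n]+)"\s*=\s*(?P<name>[^"\n]+?)(?=\s+"[^"\n]+"\s*=|\s*$)',
    re.M,
)

Version = Tuple[int, ...]


def _ver(*parts: str) -> Version:
    """Turn captured fragments ('6', '13' or '3.0.19') into a comparable int tuple."""
    return tuple(int(p) for part in parts for p in part.split("."))


# (product, display-name pattern, minimum acceptable version, where the baseline comes from)
CHECKS = [
    ("Java", re.compile(r"^Java\(TM\) (\d+) Update (\d+)"), (6, 23),
     "Java 6 Update 23, the version the helper asked for"),
    ("Adobe Reader", re.compile(r"^Adobe Reader (\d+)"), (10,),
     "Adobe Reader X (10), the version the helper asked for"),
    ("Mozilla Firefox", re.compile(r"^Mozilla Firefox \((\d+(?:\.\d+)*)\)"), (3, 6, 13),
     "Firefox 3.6.13, the version shown in the follow-up OTL log"),
]

# Sample input: four entries in the OTL format from this thread plus one
# constructed entry (placeholder GUID) for a current Java next to the old one.
SAMPLE_UNINSTALL_LIST = """
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"{00000000-0000-0000-0000-000000000000}" = Java(TM) 6 Update 23
"""


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (key, display name) pairs; works on one-per-line and run-together input."""
    return [(m.group("key"), m.group("name")) for m in ENTRY_RE.finditer(text)]


def audit(entries: List[Tuple[str, str]]) -> List[Dict]:
    """Match each entry against CHECKS and compare the installed version to the baseline."""
    findings = []
    for key, name in entries:
        for product, rx, baseline, source in CHECKS:
            m = rx.match(name)
            if not m:
                continue
            installed = _ver(*m.groups())
            findings.append({
                "product": product, "key": key, "name": name,
                "installed": installed, "baseline": baseline,
                "outdated": installed < baseline, "source": source,
            })
    return findings


def leftover_old_versions(findings: List[Dict]) -> List[str]:
    """Products where an outdated copy is still listed next to a current one.

    The helper's instruction was to uninstall all existing Java versions before
    installing the new one; a leftover old entry means the exploitable runtime
    is still on disk even though a current one was added.
    """
    current = {f["product"] for f in findings if not f["outdated"]}
    return sorted({f["product"] for f in findings
                   if f["outdated"] and f["product"] in current})


def report(text: str) -> List[str]:
    """Human-readable audit lines for an uninstall-list excerpt."""
    findings = audit(parse_uninstall_list(text))
    lines = []
    for f in findings:
        status = "OUTDATED" if f["outdated"] else "ok"
        lines.append(f'{status:8} {f["product"]}: {f["name"]} '
                     f'(installed {f["installed"]}, baseline {f["baseline"]}; {f["source"]})')
    for product in leftover_old_versions(findings):
        lines.append(f"WARNING  {product}: old version still installed alongside "
                     f"a current one; uninstall it")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_UNINSTALL_LIST)))
```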
20.01.2011, 18:12 | #35 |
| TR/Crypt.XPACK.Gen All steps carried out. The "Access Allowed" thing had already puzzled me too, because I never clicked on anything of the sort! OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.01.2011 12:53:15 - Run 6 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 575,65 Gb Free Space | 61,80% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Winamp\winampa.exe PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (SafeList) ========== MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- 
C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)" FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.20 12:46:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.20 12:46:48 | 000,000,000 | ---D | M] [2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2011.01.20 12:42:00 | 000,000,000 | ---D | M] (No 
name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2011.01.18 19:11:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com [2011.01.18 18:56:17 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml [2011.01.18 18:56:17 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml [2011.01.20 12:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.01.20 12:30:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.20 12:30:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.20 12:30:35 | 000,472,808 | 
---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.01.20 12:44:24 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2011.01.20 12:46:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.01.20 12:46:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.01.20 12:46:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.01.20 12:46:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.01.20 12:46:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.20 12:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011.01.20 12:44:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Foxit
[2011.01.20 12:44:33 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2011.01.20 12:43:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.20 12:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.01.20 12:31:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.01.20 12:30:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.20 12:30:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.20 12:30:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.20 12:30:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.20 12:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.01.19 19:45:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
[2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\MustBeRandomlyNamed
[2011.01.18 11:46:15 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Patrick\Desktop\RkU3.8.388.590.exe
[2011.01.15 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Falkenbach [Discography]
[2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.01.12 11:05:26 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 11:05:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google
[2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira
[2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files - Modified Within 30 Days ==========

[2011.01.20 12:51:15 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.20 12:51:14 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.20 12:51:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.20 12:51:06 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.20 12:45:01 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.20 12:30:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.20 12:30:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.20 12:30:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.20 12:30:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.20 11:47:12 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.20 11:46:59 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.01.19 21:48:01 | 000,000,144 | ---- | M] () -- C:\Users\Patrick\Desktop\regfix.reg
[2011.01.19 20:52:21 | 000,012,362 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
[2011.01.18 19:55:39 | 000,068,096 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 20:59:43 | 000,629,057 | ---- | M] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar
[2011.01.17 17:41:09 | 000,080,384 | ---- | M] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.15 13:47:21 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.15 13:47:21 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.15 13:47:21 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.15 13:47:21 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.14 13:05:53 | 001,465,501 | ---- | M] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.14 12:56:43 | 000,000,852 | ---- | M] () -- C:\Users\Patrick\Desktop\mp3DirectCut.lnk
[2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc

========== Files Created - No Company Name ==========

[2011.01.20 12:45:01 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.19 21:48:01 | 000,000,144 | ---- | C] () -- C:\Users\Patrick\Desktop\regfix.reg
[2011.01.19 20:52:21 | 000,012,362 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.18 19:18:34 | 750,239,744 | ---- | C] () -- C:\Users\Patrick\Desktop\nmp_cube.avi
[2011.01.17 20:59:55 | 000,629,057 | ---- | C] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar
[2011.01.17 17:41:27 | 000,080,384 | ---- | C] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.14 13:05:52 | 001,465,501 | ---- | C] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi
[2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm
[2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.28 12:05:41 | 000,068,096 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.#
[2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC
[2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado
[2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports
[2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo
[2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2
[2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools
[2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.19 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla
[2011.01.20 12:44:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Foxit
[2011.01.19 20:52:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0
[2011.01.20 12:52:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ
[2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn
[2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics
[2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda
[2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream
[2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV
[2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws
[2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee
[2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp
[2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft
[2011.01.20 12:47:19 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 20.01.2011 12:53:15 - Run 6
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 575,65 Gb Free Space | 61,80% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system |
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system |
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system |
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe |
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe |
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe |
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe |
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe |
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program
files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | "UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | "UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | "UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | "UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | "UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter 
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = 
Microsoft Games for Windows - LIVE "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials 
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABC" = ABC (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Shrink_is1" = DVD Shrink 3.2 "EADM" = EA Download Manager "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.1.6 "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 6.6.1 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Hamachi" = Hamachi 1.0.1.5 "Hospital" = Theme Hospital "ImgBurn" = ImgBurn "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Miranda IM" = Miranda IM 0.8.27 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) 
"NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "RayV" = RayV "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SopCast" = SopCast 3.0.3 "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNationsForever_is1" = TmNationsForever "TV Sponsoren 2007" = TV Sponsoren 2007 "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "UnrealTournament" = Unreal Tournament G.O.T.Y. Edition "VLC media player" = VLC media player 1.0.5 "Vtune_is1" = Vtune 6.6 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Skat-Online V7" = Skat-Online V7 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1020 Anfangszeit: 01cab6e7fe4ce69f Zeitpunkt der Beendigung: 6 Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e64 Anfangszeit: 01cab6e80eda6b4f Zeitpunkt der Beendigung: 2 Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 01.03.2010 07:15:25 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 20.01.2011 07:28:12 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.01.2011 07:28:12 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 20.01.2011 07:31:14 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 20.01.2011 07:43:49 | Computer Name = Patrick-PC | Source = DCOM | ID = 10005 Description = Error - 20.01.2011 07:43:49 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7009 Description = Error - 20.01.2011 07:43:49 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.01.2011 07:51:12 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016 Description = Error - 20.01.2011 07:52:29 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.01.2011 07:52:29 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 20.01.2011 07:53:01 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 
Description = < End of report > |
20.01.2011, 20:45 | #36 |
/// Helper Team | TR/Crypt.XPACK.Gen Have you received any further alerts from Avira in the meantime? Please back up the registry again. 1.) Edit the registry Please delete the previous regfix.reg files from the desktop. Start --> Run --> notepad (type it in) --> OK Now copy the following text from the code box into the empty text document Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
2.) Malwarebytes Anti-Malware
3.) ESET Online Scan ESET Online Scanner Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
4.) Windows updates Please visit the Microsoft Update page with Internet Explorer and download all offered updates via the custom search. Alternatively you can also download the updates with Mozilla Firefox, but for that you need the IE View add-on. Very important: Service Pack 2 and Internet Explorer 8 (even if you do not use it as your default browser, it should always be up to date). In future you should put more emphasis on an up-to-date operating system and other up-to-date software. As many holes as you had (and right now still have) can be compared to an open barn door for malware! It can practically just walk in. After updating you should check whether automatic Windows updates are enabled on your system; how to check that and change it if necessary you can find out HERE. That already makes updating easier.
__________________ --> TR/Crypt.XPACK.Gen |
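Added example, not part of the thread or of any tool the helper names: the registry fix above overwrites one Winlogon notification package by hand. The script below does the same audit generically. It parses a registry export in .reg / SystemLook text form, flags every `Notify\<package>` whose `DLLName` is not a bare `.dll` resolved from System32 (explicit path, 8.3 short name, user-writable location), and emits a .reg file in the same layout as the helper's fix. The sample export is constructed; the `Schedule` entry is an assumed benign neighbour, and the 8.3 remark about `progra~2` is a comment, not something the log states.

```python
"""Audit Winlogon notification packages from a registry export and emit a .reg fix.

Added example: parses text in .reg / SystemLook style, so it runs offline on any
platform. On a live Windows box the same check could read the key with winreg.
"""
import re
from typing import Dict, List, NamedTuple

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Constructed sample export. SensLogn carries a hijacked DLLName of the kind
# discussed in this thread; the Schedule entry is an assumed benign neighbour
# included only so the audit has something to leave alone.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="c:\\progra~2\\wietulopto.dat"
"Logon"="WlEventLogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DLLName"="wlnotify.dll"
"""

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')


class Finding(NamedTuple):
    package: str
    dll_name: str
    reasons: List[str]


def parse_notify_packages(reg_text: str) -> Dict[str, str]:
    """Map each Notify subkey name to its DLLName value (.reg escaping undone)."""
    packages: Dict[str, str] = {}
    prefix = (NOTIFY_KEY + "\\").lower()
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            key = section.group(1)
            current = key[len(prefix):] if key.lower().startswith(prefix) else None
            continue
        value = _VALUE.match(line)
        if current and value and value.group(1).lower() == "dllname":
            packages[current] = value.group(2).replace("\\\\", "\\")
    return packages


def classify(dll_name: str) -> List[str]:
    """Reasons a DLLName looks wrong; an empty list means nothing suspicious."""
    name = dll_name.lower()
    reasons: List[str] = []
    if not name.endswith(".dll"):
        reasons.append("extension is not .dll")
    if "\\" in name:
        # Legitimate packages are bare file names resolved from System32.
        if not name.startswith(("c:\\windows\\system32\\", "%systemroot%\\system32\\")):
            reasons.append("explicit path outside System32")
        if "~" in name:
            # progra~2 is usually the 8.3 short name of C:\ProgramData (assumption)
            reasons.append("8.3 short path")
        if any(m in name for m in ("programdata", "progra~2", "appdata", "\\temp\\")):
            reasons.append("lives in a user-writable location")
    return reasons


def audit_notify_packages(reg_text: str) -> List[Finding]:
    """Return only the packages whose DLLName triggers at least one reason."""
    findings = []
    for package, dll_name in parse_notify_packages(reg_text).items():
        reasons = classify(dll_name)
        if reasons:
            findings.append(Finding(package, dll_name, reasons))
    return findings


def build_fix_reg(findings: List[Finding], replacement: str = "WlNotify.dll") -> str:
    """Emit a .reg file that points each flagged package back at a stock DLL,
    in the same layout as the fix posted above."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for f in findings:
        lines += [f"[{NOTIFY_KEY}\\{f.package}]", f'"DLLName"="{replacement}"', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = audit_notify_packages(SAMPLE_EXPORT)
    for f in found:
        print(f"{f.package}: {f.dll_name} -> {', '.join(f.reasons)}")
    print(build_fix_reg(found))
```

The audit only flags; it never deletes the subkey, because a missing notification package and a hijacked one look the same to Winlogon once the DLL is gone. Restoring the stock DLL name, as the helper's fix does, keeps the key consistent with the rest of the export.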
23.01.2011, 16:25 | #37 |
| TR/Crypt.XPACK.Gen Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5570

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.01.2011 14:46:17
mbam-log-2011-01-22 (14-46-17).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|K:\|)
Objects scanned: 294284
Time elapsed: 46 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Patrick\documents\ICQ\214433994\receivedfiles\83575811 christoph\fff-ea191.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=c829dbdd0673614eaeb7781e646c400e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-22 03:02:02
# local_time=2011-01-22 04:02:02 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 98852 32241398 175757 0
# compatibility_mode=5892 16776573 100 100 102108 133237551 0 0
# compatibility_mode=8192 67108863 100 0 3863 3863 0 0
# scanned=167577
# found=3
# cleaned=0
# scan_time=3673
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eBay.url	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I |
23.01.2011, 16:47 | #38 |
/// Helper Team | TR/Crypt.XPACK.Gen Code:
c:\Users\Patrick\documents\ICQ\214433994\receivedfiles\83575811 christoph\fff-ea191.exe
I always need to know for sure what Avira found, so please do the following again: 1.) Avira AntiVir - what was found? So that we can take a close look at the detections of your anti-virus program, please proceed as follows:
2.) Temp File Cleaner Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe. If TFC cannot delete all the files it will ask for a restart. Please allow this. Then run another scan with Avira AntiVir and post the log file.
__________________ regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could go here. Well .... could! |
26.01.2011, 12:36 | #39 |
| TR/Crypt.XPACK.Gen The file is a key generator for a program for which I had lost my real key. Code:
Exported events:

24.01.2011 01:13 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EADF758.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '490460c0.qua'.
24.01.2011 01:12 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADF758.exe. Action performed: Allow access
23.01.2011 12:19 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EADC3EA.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '490baa4e.qua'.
23.01.2011 12:17 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADC3EA.exe. Action performed: Allow access
22.01.2011 14:50 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EADBC2.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '48c64448.qua'.
22.01.2011 14:49 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADBC2.exe. Action performed: Allow access
22.01.2011 14:46 [Scanner] Malware found The file 'C:\_OTL\MovedFiles\01112011_232513\C_ProgramData\wietulopto.tmp' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '497b412e.qua'.
22.01.2011 14:45 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\_OTL\MovedFiles\01112011_232513\C_ProgramData\wietulopto.tmp. Action performed: Deny access
22.01.2011 14:21 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EADBAC6.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '49497e88.qua'.
22.01.2011 14:20 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EAD92DC.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '485f7d75.qua'.
22.01.2011 14:15 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADBAC6.exe. Action performed: Deny access
22.01.2011 14:15 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EAD92DC.exe. Action performed: Deny access
22.01.2011 13:57 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EAD978D.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '480870c3.qua'.
22.01.2011 13:55 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EAD978D.exe. Action performed: Allow access
22.01.2011 02:09 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EAD9E60.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '494a8a3b.qua'.
22.01.2011 02:08 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EAD9E60.exe. Action performed: Allow access |
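Added example, not part of the thread: the Avira export above is the kind of evidence a helper reads for two things, which file the on-access Guard let run (an "Allow access" followed a minute later by the on-demand Scanner quarantining the same file) and whether new detections keep landing in the same directory, which means the quarantined file is a dropped payload and the dropper is still alive. The script below parses that export format and reports both. It works on the flattened single-line form the forum produces as well as on one event per line. The sample is a constructed excerpt of eight events copied from the log above; the recurrence threshold of three distinct files per directory is an assumption for the example.

```python
"""Triage an Avira AntiVir 'Exported events' dump (added example, not from the thread)."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    when: datetime
    component: str   # "Guard" = on-access, "Scanner" = on-demand scan
    path: str
    action: str      # "Allow access", "Deny access" or "quarantine:<name>.qua"


# Constructed excerpt in the format of the exported events above (paths and
# quarantine names taken from that log, one event per line for readability).
SAMPLE_EVENTS = r"""
24.01.2011 01:13 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EADF758.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '490460c0.qua'.
24.01.2011 01:12 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADF758.exe. Action performed: Allow access
23.01.2011 12:19 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EADC3EA.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '490baa4e.qua'.
23.01.2011 12:17 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADC3EA.exe. Action performed: Allow access
22.01.2011 14:46 [Scanner] Malware found The file 'C:\_OTL\MovedFiles\01112011_232513\C_ProgramData\wietulopto.tmp' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '497b412e.qua'.
22.01.2011 14:45 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\_OTL\MovedFiles\01112011_232513\C_ProgramData\wietulopto.tmp. Action performed: Deny access
22.01.2011 14:21 [Scanner] Malware found The file 'C:\Users\Patrick\AppData\Local\Temp\EADBAC6.exe' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '49497e88.qua'.
22.01.2011 14:15 [Guard] Malware found Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\Users\Patrick\AppData\Local\Temp\EADBAC6.exe. Action performed: Deny access
"""

# One event runs from a timestamp to the next timestamp (or end of text), so
# this also works on the flattened single-line form the forum produces.
_EVENT = re.compile(
    r"(?P<when>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[(?P<component>Guard|Scanner)\] Malware found\s+"
    r"(?P<body>.*?)(?=\s*\d{2}\.\d{2}\.\d{4} \d{2}:\d{2} \[|\s*$)",
    re.DOTALL,
)
# Guard lines lack the closing quote after the path, so stop at "'" or ". ".
_PATH = re.compile(r"'(?P<path>[A-Za-z]:\\.*?)(?:'|\.\s)")
_QUARANTINE = re.compile(r"under the name '(?P<name>[^']+)'")
_ACTION = re.compile(r"Action performed: (?P<action>Allow access|Deny access)")


def parse_avira_events(text: str) -> List[Event]:
    """Turn the export text into Event records; entries without a path are skipped."""
    events: List[Event] = []
    for m in _EVENT.finditer(text):
        body = m.group("body")
        path = _PATH.search(body)
        if not path:
            continue
        q = _QUARANTINE.search(body)
        a = _ACTION.search(body)
        action = f"quarantine:{q.group('name')}" if q else (a.group("action") if a else "unknown")
        events.append(Event(datetime.strptime(m.group("when"), "%d.%m.%Y %H:%M"),
                            m.group("component"), path.group("path"), action))
    return events


def triage(events: List[Event], recurrence_threshold: int = 3) -> Dict[str, object]:
    """Summarise what the log says about containment.

    allowed_to_run: files the on-access Guard let through (only the later
    on-demand Scanner quarantined them), i.e. the payload probably executed.
    recurring_drop_dirs: directories that received >= recurrence_threshold
    distinct detected files; quarantining each drop does not remove the dropper.
    The threshold is an assumption for this example.
    """
    by_path: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_path[e.path].append(e)
    allowed = sorted(p for p, evs in by_path.items()
                     if any(e.component == "Guard" and e.action == "Allow access" for e in evs))
    files_per_dir: Dict[str, set] = defaultdict(set)
    for p in by_path:
        directory, _, filename = p.rpartition("\\")
        files_per_dir[directory.lower()].add(filename.lower())
    recurring = {d: len(fs) for d, fs in files_per_dir.items() if len(fs) >= recurrence_threshold}
    timeline = {p: sorted((e.when, e.component, e.action) for e in evs) for p, evs in by_path.items()}
    return {"distinct_paths": len(by_path), "allowed_to_run": allowed,
            "recurring_drop_dirs": recurring, "timeline": timeline}


if __name__ == "__main__":
    report = triage(parse_avira_events(SAMPLE_EVENTS))
    print("allowed to run:", *report["allowed_to_run"], sep="\n  ")
    print("recurring drop directories:", report["recurring_drop_dirs"])
```

Run it against the full export to get the per-path timeline as well; a path whose first entry is a Guard "Allow access" and whose last is a Scanner quarantine is exactly the case where the anti-virus reacted too late to prevent execution.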
26.01.2011, 13:18 | #40 |
/// Helper Team | TR/Crypt.XPACK.Gen Aha, a keygen. As you can see it is infected, so do yourself a favour and stop using such things in future. Normally in such cases we stop the cleanup and only post a note about reinstalling, regardless of why you used a keygen. But you are lucky, because we are pretty much done anyway and the sun is shining into my room right now. So here are the final steps: 1.) Reset settings The settings from post 6, step 3 can now be reverted. 2.) Clear System Restore
3.) Tool cleanup with OTL We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Note: After the restart, OTL and other helper programs you downloaded in the course of the cleanup will no longer be present. They have been removed. So it is OK if these programs are no longer there. If any are left over, delete them manually. And for the future: Security on the internet As I said, put more emphasis on an up-to-date system and leave the keygens alone, even if you really only lost your own key. Keygens are often completely infected!
__________________ regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could go here. Well .... could! |