Log analysis and evaluation: My laptop always shuts down when I start a game/program! Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
12.02.2011, 14:56 | #1 |
| My laptop always shuts down when I start a game/program! I have the following problem: Whenever I start a game, the screen goes black after approx. 2 hours and then my laptop switches off! It has happened quite often already and it is not the battery, because that is always at 100%. Here is the HiJack log:
I'm asking for help! It can't go on like this. |
12.02.2011, 19:39 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop always shuts down when I start a game/program! Quote:
The game is a secret, and just as secret, I suppose, are the manufacturer and the model of the notebook? http://www.trojaner-board.de/69886-a...-beachten.html
__________________ |
16.02.2011, 20:09 | #3 |
| My laptop always shuts down when I start a game/program! So: it has done it several times again now.
I play "Florensia" for 2 - 3 hours and then the screen dims, goes completely black, the laptop keeps running for a few seconds even though the screen is black, and then it switches off. The laptop is a COMPAQ from HP. I have Windows Vista on it. |
16.02.2011, 20:14 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop always shuts down when I start a game/program! Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those too! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
19.02.2011, 21:40 | #5 |
| My laptop always shuts down when I start a game/program! Here is the log from Malwarebytes; I removed the 2 pests:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5809
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

19.02.2011 21:28:15
mbam-log-2011-02-19 (21-28-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 227808
Laufzeit: 1 Stunde(n), 50 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\$RECYCLE.BIN\s-1-5-21-3855974512-3971395812-980607087-1000\$RJEAG9P.exe (Trojan.Agent) -> No action taken.
c:\$RECYCLE.BIN\s-1-5-21-3855974512-3971395812-980607087-1000\$RP32ULI.54b\ibot_v1.0.54b client_v1.229 by elmosekar (silkroad4arab)\iBot.exe (Trojan.Agent) -> No action taken.

I'll do the other one tomorrow. |
20.02.2011, 00:03 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop always shuts down when I start a game/program! Quote:
__________________ |
20.02.2011, 14:10 | #7 |
| My laptop always shuts down when I start a game/program! No idea, I think it's a bot for the game Silkroad that my brother downloaded. ^^ |
20.02.2011, 14:36 | #8 |
| My laptop always shuts down when I start a game/program! So, here are the 2 OTL logs: OTL Logfile: Code:
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3 "NVIDIA Drivers" = NVIDIA Drivers "Silkroad" = Silkroad "ST6UNST #1" = Anti Netcut 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent hp Master Uninstall" = My HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 3.1 "WinRAR archiver" = WinRAR "xvid" = XviD MPEG-4 Video Codec "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.02.2011 11:38:22 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description = Error - 18.02.2011 12:14:58 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description = Error - 18.02.2011 12:14:58 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description = Error - 18.02.2011 12:45:26 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description = Error - 18.02.2011 13:31:37 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description = Error - 18.02.2011 13:31:37 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description = Error - 18.02.2011 14:53:21 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description = Error - 18.02.2011 15:27:04 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description = Error - 18.02.2011 15:27:04 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description = Error - 19.02.2011 04:39:35 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 19.02.2011 10:37:50 | Computer Name = Karim-PC | Source = DCOM | ID = 10010 Description = Error - 19.02.2011 10:42:41 | Computer Name = Karim-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.02.2011 um 15:41:14 unerwartet heruntergefahren. Error - 19.02.2011 10:43:55 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.02.2011 12:14:03 | Computer Name = Karim-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.02.2011 um 17:00:36 unerwartet heruntergefahren. 
Error - 19.02.2011 12:17:57 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 19.02.2011 12:17:57 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7011 Description =
Error - 19.02.2011 14:16:46 | Computer Name = Karim-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.02.2011 um 18:36:57 unerwartet heruntergefahren.
Error - 19.02.2011 14:17:40 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 19.02.2011 16:32:20 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 20.02.2011 05:50:27 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
< End of report >

The second one: OTL Logfile: Code:
OTL logfile created on: 20.02.2011 14:13:55 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Karim\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,23 Gb Total Space | 326,58 Gb Free Space | 71,74% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,73 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
Computer Name: KARIM-PC | User Name: Karim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Karim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Safari\Safari.exe (Apple Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\3DataManager\Drivers\ZTE MF635\Drivers\32bit\VISTA\DVBHRoutingVista.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\3DataManager\WTGService.exe ()
PRC - C:\Programme\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
PRC - C:\Programme\3DataManager\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Programme\SMINST\BLService.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Karim\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll () SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (DVBHRoutingManager) -- C:\Programme\3DataManager\Drivers\ZTE MF635\Drivers\32bit\VISTA\DVBHRoutingVista.exe () SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (WTGService) -- C:\Programme\3DataManager\WTGService.exe () SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe () SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (ZTEusbdvbh) -- C:\Windows\System32\drivers\ZTEusbdvbh.sys (ZTE Incorporated) DRV - (smsbda) -- C:\Windows\System32\drivers\smsbda.sys (Siano) DRV - (smsndis) -- C:\Windows\System32\drivers\smsndis.sys (Siano) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) 
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) 
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN By Compaq IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN By Compaq IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN By Compaq IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "IMBooster4web-en Customized Web Search" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949 FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.2 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\3-addons\addon [2010.06.27 19:24:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.15 13:09:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program 
Files\Mozilla Firefox\plugins [2011.01.15 13:09:38 | 000,000,000 | ---D | M] [2010.08.19 00:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karim\AppData\Roaming\mozilla\Extensions [2010.08.01 07:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karim\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com [2011.02.19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions [2010.11.02 14:58:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.21 01:24:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.17 20:35:33 | 000,000,000 | ---D | M] () -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\fbdislike@doweb.fr [2011.01.09 18:38:23 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\piclens@cooliris.com [2011.01.09 18:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU [2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU [2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml 
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.10 16:29:17 | 000,000,935 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: ~LegendMT2~ l2testauthd.lineage2.com O1 - Hosts: ~LegendMT2~ l2authd.lineage2.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [antinetcut2] File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Karim\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{84e8f6fc-1536-11e0-98e6-d25a49252e9c}\Shell - "" = AutoRun O33 - MountPoints2\{84e8f6fc-1536-11e0-98e6-d25a49252e9c}\Shell\AutoRun\command - "" = G:\ICM_ML.exe O33 - MountPoints2\{a58f4ae3-8eaa-11df-ab2e-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{ee782ea2-d6cf-11df-a686-001f16e1de90}\Shell - "" = AutoRun O33 - MountPoints2\{ee782ea2-d6cf-11df-a686-001f16e1de90}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.19 16:27:39 | 000,000,000 | ---D | C] -- C:\Users\Karim\AppData\Roaming\Malwarebytes [2011.02.19 16:27:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys 
[2011.02.19 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.19 16:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.19 16:27:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.19 16:27:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.17 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.02.17 14:43:12 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.02.17 14:43:05 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.02.11 19:43:49 | 000,000,000 | ---D | C] -- C:\Users\Karim\Desktop\iPhone4 [2011.02.09 22:04:25 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 22:04:17 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 22:04:15 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 22:04:05 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 22:04:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.09 22:03:47 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.02.09 22:03:47 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.02.09 22:03:47 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.02.09 22:03:45 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.02.09 22:03:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.02.09 22:03:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.02.09 22:03:44 | 000,135,680 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\XpsRasterService.dll [2011.02.09 22:03:43 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.02.09 22:03:42 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.02.09 22:03:42 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.02.09 22:03:41 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.02.09 22:03:40 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.02.09 22:03:39 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.02.09 22:03:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.02.09 22:03:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.02.09 22:03:37 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.02.09 22:03:35 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.02.09 22:03:34 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.02.09 22:03:33 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.02.09 22:03:32 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.02.09 22:03:32 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.02.09 22:03:32 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.02.09 22:03:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.02.09 22:03:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.02.09 22:03:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll 
[2011.02.09 22:02:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.09 22:02:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 22:02:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 22:02:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.09 22:02:23 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 22:02:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 22:02:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.09 22:02:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.09 22:02:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.09 22:02:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.09 22:02:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.09 22:02:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.09 22:02:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.09 22:02:22 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.09 22:02:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.09 22:02:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.09 22:02:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.06 12:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2011.01.31 19:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrossFire ========== 
Files - Modified Within 30 Days ========== [2011.02.20 12:48:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 12:48:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 10:49:11 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini [2011.02.20 10:48:34 | 000,007,808 | ---- | M] () -- C:\Users\Karim\AppData\Local\d3d9caps.dat [2011.02.20 10:48:27 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.02.20 10:48:24 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.02.20 10:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.20 10:48:03 | 2951,049,216 | -HS- | M] () -- C:\hiberfil.sys [2011.02.19 21:18:14 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.19 21:18:14 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.19 21:18:14 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.19 21:18:14 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.19 16:27:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.17 14:46:13 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.02.10 18:27:10 | 000,314,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.08 16:36:46 | 000,020,104 | ---- | M] () -- C:\Users\Karim\Documents\Michael Jackson.docx [2011.02.06 12:45:43 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.01.26 16:17:46 | 000,015,297 | ---- | M] () -- C:\Users\Karim\Documents\Die Dampfmaschine.docx [2011.01.23 18:12:48 | 000,024,576 | ---- | M] () -- C:\Users\Karim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2011.02.19 16:27:15 | 000,000,906 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.17 14:46:13 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.02.08 16:36:44 | 000,020,104 | ---- | C] () -- C:\Users\Karim\Documents\Michael Jackson.docx [2011.02.06 12:45:43 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2011.02.06 12:45:43 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2011.01.26 16:17:45 | 000,015,297 | ---- | C] () -- C:\Users\Karim\Documents\Die Dampfmaschine.docx [2010.12.29 13:28:07 | 000,000,552 | ---- | C] () -- C:\Users\Karim\AppData\Local\d3d8caps.dat [2010.12.18 12:35:28 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt [2010.08.01 09:14:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.17 01:01:50 | 000,024,576 | ---- | C] () -- C:\Users\Karim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.28 12:43:06 | 000,007,808 | ---- | C] () -- C:\Users\Karim\AppData\Local\d3d9caps.dat [2010.06.27 19:58:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2010.06.27 19:58:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2010.06.27 19:57:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2010.06.27 19:57:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2010.06.27 19:55:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2010.06.27 19:54:10 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini [2010.06.27 19:33:56 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.06.27 19:33:37 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.06.27 19:18:04 | 000,000,000 | ---- | C] () -- C:\Users\Karim\AppData\Local\QSwitch.txt [2010.06.27 19:18:04 | 000,000,000 | ---- | C] () -- 
C:\Users\Karim\AppData\Local\DSwitch.txt [2010.06.27 19:18:04 | 000,000,000 | ---- | C] () -- C:\Users\Karim\AppData\Local\AtStart.txt [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008.10.26 15:52:31 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2008.10.26 15:46:59 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2008.10.26 15:45:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2008.10.26 15:43:41 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.01 07:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2006.11.01 07:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.08.02 22:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:F63A059B < End of report > |
20.02.2011, 14:37 | #9 |
| My laptop always shuts down when I start a game/program! So, here are the 2 OTL logs: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.02.2011 14:13:55 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Karim\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,23 Gb Total Space | 326,58 Gb Free Space | 71,74% Space Free | Partition Type: NTFS Drive D: | 10,53 Gb Total Space | 1,73 Gb Free Space | 16,46% Space Free | Partition Type: NTFS Computer Name: KARIM-PC | User Name: Karim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 1 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1530C2FA-59A2-4B8A-AE76-0BC51B0ED245}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | "{1705F3A1-7BFD-4A80-9F2A-2A8FFF15B9FE}" = lport=139 | protocol=6 | dir=in | app=system | "{280C79D4-9CA8-46B8-9F3F-3741F72BF0C9}" = lport=137 | protocol=17 | dir=in | app=system | "{29472908-486F-44AC-8A14-3BC979EF0DC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{37EDB25D-85E9-44F9-9B2A-8750ACB1588F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{47C2C565-E9A6-42E0-84FE-F1F9FF882DCE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{504E1687-F7E3-4781-ADE5-BE077E021F76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5890A7DD-38A2-492F-8B39-7B952802D82E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{65BB8D08-B92A-4108-8ECA-4995CC4BAEB8}" = lport=445 | protocol=6 | dir=in | app=system | "{699EE054-B177-4C46-9FAA-5354079393F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6DB0E099-947A-42B9-A7DC-8A36DBC5EC7D}" = rport=138 | protocol=17 | dir=out | app=system | "{6F7E7567-FC9A-436F-9DBF-E50F5E932B86}" = rport=137 | protocol=17 | dir=out | app=system | "{89CE180F-CC9B-42F6-96CB-6C2C7AFCD531}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8D0A7D30-7782-4A91-946C-23BD2C5A6F41}" = rport=139 | protocol=6 | dir=out | app=system | "{91CB11BB-32C2-407C-8D81-65A767699102}" = rport=5355 | protocol=17 | 
dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D248939-BEC6-44A9-90B5-18A00B5A17E3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9ED4F1BC-FB4D-43B5-884F-AD17835700AB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{A3ECD0B5-5363-4A79-AE17-1142B9156422}" = lport=2869 | protocol=6 | dir=in | app=system | "{A40B6B46-9F8C-41D9-BC2F-9A01738FB5C8}" = lport=138 | protocol=17 | dir=in | app=system | "{B8717527-4A08-4CBB-BA0A-464DF3629B36}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface | "{D0B32267-C32D-4A5D-9385-B93B0493A032}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D7F2831F-227D-48A4-A161-4600EF99C7F9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EE9E6DD5-F0D5-4CAE-AA60-7A1C7E62F377}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FA8386B0-6A53-4F6F-9D0C-11AF7B10C5EC}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04CFFAD5-C5D6-449D-ABC1-C80BB1E8C29A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{19F658CF-41DC-4BB2-A952-27C94D44E382}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{1CCC9D24-6C6B-43AE-82A1-DC29629E579B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{2A5915C4-BD05-4C49-9B16-58C7B88C9699}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2DF7D3D8-E986-4B15-9022-67A4B85E3D7B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{31A0B2A1-F652-4CBC-84DC-E47CCD16D3E6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{367D5232-A341-4A44-916C-620CCA9A5D7D}" = protocol=17 | dir=in | app=c:\program 
files\icq7.2\icq.exe | "{4B48C39A-9DDC-4E7E-BF85-3CC0B7EAC2F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4D949DBB-C8EE-4348-ACBC-DFD8168C30DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4E977D57-3485-4F3A-BBE4-BE16C6E08B0A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{5046B6BB-34D3-4578-9324-316935A4CAE3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{504B51C3-16A1-468A-8D29-86956FAFBFD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{698C32E4-D0B1-4B46-BE7B-30B08D2A320B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{702CDF84-639C-4B79-B050-2A66D8850D7B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{75D6B5D7-ECE5-46B8-8AFC-E49CADC1CA36}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{78A6CB16-B9FE-4F4B-B7FA-89301FB8D5CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7A33D046-16BA-402F-9CEF-49D1C79E1539}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{80CE01FF-D78B-46EC-83C9-1334E8E979E6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{867F20BD-8506-435A-AB73-355B1B8ABD84}" = dir=in | app=c:\program files\itunes\itunes.exe | "{87B32A30-1D39-42F5-8D9E-BCA74475B591}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{926EFF61-79A1-4ABE-8569-CAF50D089450}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{9A371091-8627-4831-888E-722CFA8C1674}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A324C0F8-7BCD-4E49-B296-66153C3BF741}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A721B715-847F-4675-8A95-3E87A633EB17}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{B534E4DD-FD2B-42BB-ACAE-5C6A9C638480}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{B8073CBA-DEBC-441D-AAA8-B99F28F6899A}" = protocol=1 | dir=out 
| name=@firewallapi.dll,-28544 | "{C3F46C1C-91F2-4730-93DF-0DDC204BBE5F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C4234236-BF2F-42BD-9B9D-BD03878637D0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{C47803A0-AF67-4CE0-B7F4-0FD790D75BF2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FD4E10B6-F21D-49E3-A28D-3F3EB88ED67E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "TCP Query User{2ABBD3DA-4DB1-4670-87D1-36E67BB9D30C}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | "TCP Query User{2F52F55C-9C3E-4011-AAF9-CAEFE039BD25}C:\users\karim\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\karim\appdata\roaming\imvuclient\1vivoxvoice.exe | "TCP Query User{443047EF-EAF9-465F-A6B7-3F36F4277B0A}C:\spiele\legend metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\spiele\legend metin2\metin2client.bin | "TCP Query User{958109F7-8109-4B82-B520-93FD70362C22}C:\spiele\emerald viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\spiele\emerald viewer\slvoice.exe | "TCP Query User{970323AA-341D-47E7-931F-CCEB6824E2BE}C:\spiele\legend metin2\metin2.exe" = protocol=6 | dir=in | app=c:\spiele\legend metin2\metin2.exe | "TCP Query User{AB4F43F4-E398-47C1-9E4F-A4EB6A3F3F1E}C:\users\karim\appdata\local\microsoft\windows\temporary internet files\content.ie5\3dm3ruwc\sro_l6_full_client_downloader[1].exe" = protocol=6 | dir=in | app=c:\users\karim\appdata\local\microsoft\windows\temporary internet files\content.ie5\3dm3ruwc\sro_l6_full_client_downloader[1].exe | "TCP Query User{BDC66D87-FFAF-4D97-A3BC-3C9CE938D9BA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{D4661E2C-4CD4-4F73-B7ED-3338CE2AD6AD}C:\users\karim\downloads\sro_l6_full_client_downloader.exe" = 
protocol=6 | dir=in | app=c:\users\karim\downloads\sro_l6_full_client_downloader.exe | "TCP Query User{EC59CF6E-1A22-49D0-94B0-AF273AF106F0}C:\spiele\legend metin2\metin2.exe" = protocol=6 | dir=in | app=c:\spiele\legend metin2\metin2.exe | "UDP Query User{3F9DDF68-BD75-40B9-99CC-609BAD83E37F}C:\users\karim\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\karim\appdata\roaming\imvuclient\1vivoxvoice.exe | "UDP Query User{6558E1C4-3AA4-40F7-8283-2C95EFDA0079}C:\spiele\legend metin2\metin2.exe" = protocol=17 | dir=in | app=c:\spiele\legend metin2\metin2.exe | "UDP Query User{768FCFBC-91DF-4B29-8D57-58A129C28C13}C:\users\karim\appdata\local\microsoft\windows\temporary internet files\content.ie5\3dm3ruwc\sro_l6_full_client_downloader[1].exe" = protocol=17 | dir=in | app=c:\users\karim\appdata\local\microsoft\windows\temporary internet files\content.ie5\3dm3ruwc\sro_l6_full_client_downloader[1].exe | "UDP Query User{8E4A2BE5-6EB8-4618-8967-AA3A5968EC3C}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | "UDP Query User{9DE8F167-AB20-4815-8335-DD66E39C2FEA}C:\spiele\legend metin2\metin2.exe" = protocol=17 | dir=in | app=c:\spiele\legend metin2\metin2.exe | "UDP Query User{B7BFB843-417E-4189-A58C-E954500DDCF0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{EDC76E21-458D-427E-A524-843783BBD47B}C:\users\karim\downloads\sro_l6_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\karim\downloads\sro_l6_full_client_downloader.exe | "UDP Query User{F93FDFBE-8CC1-421F-B18E-23DAC4C0784D}C:\spiele\legend metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\spiele\legend metin2\metin2client.bin | "UDP Query User{FE636F72-D0F3-4ADE-9274-A41F8DF43437}C:\spiele\emerald viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\spiele\emerald viewer\slvoice.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft 
Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office 
Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA 
Notifier 2.0.0048.0 "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118 "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "3DataManager" = 3DataManager "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "AOL Toolbar" = AOL Toolbar 5.0 "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Cross Fire_is1" = Cross Fire En "Feeding Frenzy 2" = Feeding Frenzy 2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3 "NVIDIA Drivers" = NVIDIA Drivers "Silkroad" = Silkroad "ST6UNST #1" = Anti Netcut 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent hp Master Uninstall" = My HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 3.1 "WinRAR archiver" = WinRAR "xvid" = XviD MPEG-4 Video Codec "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.02.2011 11:38:22 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description =
Error - 18.02.2011 12:14:58 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description =
Error - 18.02.2011 12:14:58 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description =
Error - 18.02.2011 12:45:26 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description =
Error - 18.02.2011 13:31:37 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description =
Error - 18.02.2011 13:31:37 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description =
Error - 18.02.2011 14:53:21 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description =
Error - 18.02.2011 15:27:04 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description =
Error - 18.02.2011 15:27:04 | Computer Name = Karim-PC | Source = MsiInstaller | ID = 11606 Description =
Error - 19.02.2011 04:39:35 | Computer Name = Karim-PC | Source = WinMgmt | ID = 10 Description =

[ System Events ]
Error - 19.02.2011 10:37:50 | Computer Name = Karim-PC | Source = DCOM | ID = 10010 Description =
Error - 19.02.2011 10:42:41 | Computer Name = Karim-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.02.2011 um 15:41:14 unerwartet heruntergefahren.
Error - 19.02.2011 10:43:55 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 19.02.2011 12:14:03 | Computer Name = Karim-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.02.2011 um 17:00:36 unerwartet heruntergefahren.
Error - 19.02.2011 12:17:57 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 19.02.2011 12:17:57 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7011 Description =
Error - 19.02.2011 14:16:46 | Computer Name = Karim-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.02.2011 um 18:36:57 unerwartet heruntergefahren.
Error - 19.02.2011 14:17:40 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 19.02.2011 16:32:20 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 20.02.2011 05:50:27 | Computer Name = Karim-PC | Source = Service Control Manager | ID = 7000 Description =

< End of report >

The second one: OTL logfile: Code:
OTL logfile created on: 20.02.2011 14:13:55 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Karim\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,23 Gb Total Space | 326,58 Gb Free Space | 71,74% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,73 Gb Free Space | 16,46% Space Free | Partition Type: NTFS

Computer Name: KARIM-PC | User Name: Karim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Karim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Safari\Safari.exe (Apple Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\3DataManager\Drivers\ZTE MF635\Drivers\32bit\VISTA\DVBHRoutingVista.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\3DataManager\WTGService.exe ()
PRC - C:\Programme\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
PRC - C:\Programme\3DataManager\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Karim\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (DVBHRoutingManager) -- C:\Programme\3DataManager\Drivers\ZTE MF635\Drivers\32bit\VISTA\DVBHRoutingVista.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\3DataManager\WTGService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (ZTEusbdvbh) -- C:\Windows\System32\drivers\ZTEusbdvbh.sys (ZTE Incorporated)
DRV - (smsbda) -- C:\Windows\System32\drivers\smsbda.sys (Siano)
DRV - (smsndis) -- C:\Windows\System32\drivers\smsndis.sys (Siano)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN By Compaq
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN By Compaq
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN By Compaq
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "IMBooster4web-en Customized Web Search"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.2
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\3-addons\addon [2010.06.27 19:24:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.15 13:09:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.15 13:09:38 | 000,000,000 | ---D | M]

[2010.08.19 00:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karim\AppData\Roaming\mozilla\Extensions
[2010.08.01 07:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karim\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011.02.19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions
[2010.11.02 14:58:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.21 01:24:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.17 20:35:33 | 000,000,000 | ---D | M] () -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\fbdislike@doweb.fr
[2011.01.09 18:38:23 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Karim\AppData\Roaming\mozilla\Firefox\Profiles\vl0n2vad.default\extensions\piclens@cooliris.com
[2011.01.09 18:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU
[2011.01.09 18:10:15 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.09.10 16:29:17 | 000,000,935 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ~LegendMT2~ l2testauthd.lineage2.com
O1 - Hosts: ~LegendMT2~ l2authd.lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [antinetcut2] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Karim\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{84e8f6fc-1536-11e0-98e6-d25a49252e9c}\Shell - "" = AutoRun
O33 - MountPoints2\{84e8f6fc-1536-11e0-98e6-d25a49252e9c}\Shell\AutoRun\command - "" = G:\ICM_ML.exe
O33 - MountPoints2\{a58f4ae3-8eaa-11df-ab2e-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ee782ea2-d6cf-11df-a686-001f16e1de90}\Shell - "" = AutoRun
O33 - MountPoints2\{ee782ea2-d6cf-11df-a686-001f16e1de90}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.19 16:27:39 | 000,000,000 | ---D | C] -- C:\Users\Karim\AppData\Roaming\Malwarebytes
[2011.02.19 16:27:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.19 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.19 16:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.19 16:27:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.19 16:27:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.17 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.17 14:43:12 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.02.17 14:43:05 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.02.11 19:43:49 | 000,000,000 | ---D | C] -- C:\Users\Karim\Desktop\iPhone4
[2011.02.09 22:04:25 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 22:04:17 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 22:04:15 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 22:04:05 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 22:04:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.09 22:03:47 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 22:03:47 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 22:03:47 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 22:03:45 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 22:03:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 22:03:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 22:03:44 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 22:03:43 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 22:03:42 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 22:03:42 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 22:03:41 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 22:03:40 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 22:03:39 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 22:03:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 22:03:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 22:03:37 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 22:03:35 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 22:03:34 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 22:03:33 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 22:03:32 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 22:03:32 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 22:03:32 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 22:03:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 22:03:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 22:03:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 22:02:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 22:02:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 22:02:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 22:02:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 22:02:23 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 22:02:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 22:02:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 22:02:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 22:02:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 22:02:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 22:02:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 22:02:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 22:02:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 22:02:22 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 22:02:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 22:02:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 22:02:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.06 12:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2011.01.31 19:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrossFire

========== Files - Modified Within 30 Days ==========

[2011.02.20 12:48:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 12:48:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 10:49:11 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011.02.20 10:48:34 | 000,007,808 | ---- | M] () -- C:\Users\Karim\AppData\Local\d3d9caps.dat
[2011.02.20 10:48:27 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.02.20 10:48:24 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.20 10:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 10:48:03 | 2951,049,216 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.19 21:18:14 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.19 21:18:14 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.19 21:18:14 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.19 21:18:14 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.19 16:27:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.17 14:46:13 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.10 18:27:10 | 000,314,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.08 16:36:46 | 000,020,104 | ---- | M] () -- C:\Users\Karim\Documents\Michael Jackson.docx
[2011.02.06 12:45:43 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.01.26 16:17:46 | 000,015,297 | ---- | M] () -- C:\Users\Karim\Documents\Die Dampfmaschine.docx
[2011.01.23 18:12:48 | 000,024,576 | ---- | M] () -- C:\Users\Karim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011.02.19 16:27:15 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.17 14:46:13 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.08 16:36:44 | 000,020,104 | ---- | C] () -- C:\Users\Karim\Documents\Michael Jackson.docx
[2011.02.06 12:45:43 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.02.06 12:45:43 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011.01.26 16:17:45 | 000,015,297 | ---- | C] () -- C:\Users\Karim\Documents\Die Dampfmaschine.docx
[2010.12.29 13:28:07 | 000,000,552 | ---- | C] () -- C:\Users\Karim\AppData\Local\d3d8caps.dat
[2010.12.18 12:35:28 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2010.08.01 09:14:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.17 01:01:50 | 000,024,576 | ---- | C] () -- C:\Users\Karim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 12:43:06 | 000,007,808 | ---- | C] () -- C:\Users\Karim\AppData\Local\d3d9caps.dat
[2010.06.27 19:58:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010.06.27 19:58:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010.06.27 19:57:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010.06.27 19:57:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010.06.27 19:55:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010.06.27 19:54:10 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010.06.27 19:33:56 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.27 19:33:37 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.06.27 19:18:04 | 000,000,000 | ---- | C] () -- C:\Users\Karim\AppData\Local\QSwitch.txt
[2010.06.27 19:18:04 | 000,000,000 | ---- | C] () -- C:\Users\Karim\AppData\Local\DSwitch.txt
[2010.06.27 19:18:04 | 000,000,000 | ---- | C] () -- C:\Users\Karim\AppData\Local\AtStart.txt
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008.10.26 15:52:31 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008.10.26 15:46:59 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008.10.26 15:45:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008.10.26 15:43:41 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 07:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 07:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.08.02 22:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:F63A059B

< End of report > |
20.02.2011, 18:19 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop always shuts down when I start a game/program!
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:F63A059B
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{84e8f6fc-1536-11e0-98e6-d25a49252e9c}\Shell - "" = AutoRun
O33 - MountPoints2\{84e8f6fc-1536-11e0-98e6-d25a49252e9c}\Shell\AutoRun\command - "" = G:\ICM_ML.exe
O33 - MountPoints2\{a58f4ae3-8eaa-11df-ab2e-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ee782ea2-d6cf-11df-a686-001f16e1de90}\Shell - "" = AutoRun
O33 - MountPoints2\{ee782ea2-d6cf-11df-a686-001f16e1de90}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O4 - HKLM..\Run: [antinetcut2] File not found
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
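The O33 lines in the fix script above are per-volume AutoRun handlers cached under MountPoints2. As an added example (not part of the original post and not OTL's own logic), the Python sketch below parses such lines and marks the handlers a reviewer would look at first; the two heuristics and the names `parse_o33` and `triage` are assumptions made for this illustration.

```python
import re

# O33 (MountPoints2 autorun) lines copied verbatim from the fix script in the post above.
OTL_LINES = r'''
O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{17d5f75a-8b5a-11df-9ea6-001f16e1de90}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{84e8f6fc-1536-11e0-98e6-d25a49252e9c}\Shell\AutoRun\command - "" = G:\ICM_ML.exe
O33 - MountPoints2\{a58f4ae3-8eaa-11df-ab2e-001f16e1de90}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
'''

ENTRY = re.compile(r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<key>\S+) - "" = (?P<value>.*)$')

# Heuristics assumed for this example: a removable volume's autorun handler
# normally points at a file on that volume, not at a Windows interpreter,
# and never at a recycle-bin folder.
INTERPRETERS = ("cmd.exe", "rundll32.exe", "wscript.exe", "cscript.exe", "powershell.exe")
RECYCLER = re.compile(r"\\(recycler|\$recycle\.bin)\\", re.IGNORECASE)

def parse_o33(text):
    """Yield (volume, key, command) per O33 line, dropping OTL's trailing file metadata."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["volume"], m["key"], m["value"].split(" -- [", 1)[0].strip()

def triage(text):
    """Return (volume, key, command, reasons) for handlers that match a heuristic."""
    hits = []
    for volume, key, command in parse_o33(text):
        if not key.lower().endswith("\\command"):
            continue  # 'Shell = AutoRun' only names the default verb, nothing is executed
        parts = command.lower().split()
        first = parts[0] if parts else ""
        reasons = []
        if first.endswith(INTERPRETERS):
            reasons.append("launches system interpreter " + first.rsplit("\\", 1)[-1])
        if RECYCLER.search(command):
            reasons.append("payload path inside a recycle-bin folder")
        if reasons:
            hits.append((volume, key, command, reasons))
    return hits

if __name__ == "__main__":
    for volume, key, command, reasons in triage(OTL_LINES):
        print(volume, key, "->", "; ".join(reasons))
```

The first-token check assumes the executable path contains no spaces, which holds for the lines on this page.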
21.02.2011, 13:42 | #11 |
| My laptop always shuts down when I start a game/program! Um, I keep getting an error message.. Something like: Can not create File ..... Even though I'm running it as administrator... Do you have a plan B? xD |
21.02.2011, 14:05 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop always shuts down when I start a game/program! Quote:
__________________ Please always post log files in CODE tags |