
Pests of all kinds and how to fight them: Files after Windows Diagnostic


24.03.2011, 15:52   #1
0815User
 



Hello,

A few days ago I had the "Windows Diagnostic" trojan on my PC. I was able to remove it quickly with the good guide here in the forum. However, none of the files that were saved under my user account are displayed any more. I have already read the other threads on this topic; I just thought I would create my own thread so that things don't get mixed up. I have already run the Malwarebytes and OTL scans.

Here are the logs:

The very first Malwarebytes scan (quick scan):

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6133

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.03.2011 19:06:41
mbam-log-2011-03-22 (19-06-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160645
Laufzeit: 13 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Schmidt-Pro (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\42983176.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\a55c.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\comver.dll (Adware.GameSpyArcade) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\H8SRT631.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\df8e.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.

Malwarebytes full scan:

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6133

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23.03.2011 16:54:20
mbam-log-2011-03-23 (16-54-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 376180
Laufzeit: 2 Stunde(n), 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\Visions\updater.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\program files\Visions\Visions.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\MM1UCOSB\calc[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

OTL scan

OTL Logfile:
Code:
OTL logfile created on: 24.03.2011 15:29:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Volker\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 4,14 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 104,19 Gb Free Space | 72,35% Space Free | Partition Type: NTFS
 
Computer Name: VOLKER-PC | User Name: Volker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Volker\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Volker\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (MAUSBFTP) Service for M-Audio Fast Track Pro (WDM) -- C:\Windows\System32\drivers\mausb.sys (Avid Technology, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.06 12:59:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.15 22:10:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.15 22:10:22 | 000,000,000 | ---D | M]
 
[2008.11.14 20:43:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions
[2011.03.22 22:24:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions
[2009.09.03 15:13:51 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.17 18:50:24 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.06 17:38:19 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.07 21:15:03 | 000,000,873 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\conduit.xml
[2011.03.18 17:08:55 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-1.xml
[2011.03.15 22:10:45 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-10.xml
[2009.08.18 21:34:11 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-2.xml
[2009.09.22 14:23:18 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-3.xml
[2009.11.01 10:29:41 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-4.xml
[2009.12.30 22:03:23 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-5.xml
[2010.01.15 23:21:37 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-6.xml
[2010.03.04 21:28:56 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-7.xml
[2010.04.05 09:39:42 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-8.xml
[2011.03.08 22:29:41 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-9.xml
[2008.03.31 08:52:00 | 000,000,168 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.gif
[2008.03.31 08:52:00 | 000,000,618 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.src
[2009.07.24 00:03:06 | 000,000,944 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.xml
[2011.01.13 17:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.11.14 20:56:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.15 14:44:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.13 17:42:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.12.06 12:59:16 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009.07.15 14:44:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2011.01.13 17:42:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.09.18 10:12:22 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2011.01.26 15:33:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.01.26 15:33:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.26 15:33:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.01.26 15:33:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.01.26 15:33:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Volker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Volker\Pictures\rage-against-the-machine.jpg
O24 - Desktop BackupWallPaper: C:\Users\Volker\Pictures\rage-against-the-machine.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell - "" = AutoRun
O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 15:27:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2011.03.22 18:52:33 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Malwarebytes
[2011.03.22 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.22 18:52:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.22 18:51:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.03.22 18:51:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.22 18:51:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.21 21:49:11 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.09 17:43:52 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 17:43:52 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 17:43:51 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 17:43:51 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.27 17:30:50 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Softland
[2011.02.27 17:30:48 | 000,022,856 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll
[2011.02.27 17:30:48 | 000,019,784 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll
[2011.02.27 17:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2011.02.23 22:52:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.23 22:49:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.23 22:49:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.23 22:49:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.23 22:49:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.23 22:49:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.23 22:49:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.23 22:49:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.23 22:49:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.23 22:49:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.23 22:49:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.23 22:49:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.23 22:49:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.23 22:49:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.23 22:49:28 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.23 22:49:28 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.23 22:49:28 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 15:27:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2011.03.24 15:22:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 15:22:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 15:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 15:22:29 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.23 21:44:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.23 20:11:10 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E7D34EEB-CE6E-4564-990F-66D07FE2E827}.job
[2011.03.23 16:58:48 | 000,000,680 | ---- | M] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat
[2011.03.22 20:58:29 | 000,204,864 | ---- | M] () -- C:\Users\Volker\Desktop\DataRecovery_EN_2.4.6.zip
[2011.03.22 18:52:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 18:38:46 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~42983176
[2011.03.22 18:38:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42983176r
[2011.03.22 18:38:41 | 000,198,500 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.03.22 18:36:54 | 000,198,500 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.03.22 16:34:04 | 000,000,384 | -H-- | M] () -- C:\ProgramData\42983176
[2011.03.21 21:49:19 | 000,000,587 | -H-- | M] () -- C:\Users\Volker\Desktop\Windows Diagnostic.lnk
[2011.03.20 20:35:57 | 000,701,496 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.20 20:35:57 | 000,656,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.20 20:35:57 | 000,157,758 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.20 20:35:57 | 000,128,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.17 15:25:45 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.02.27 18:30:14 | 000,005,213 | -H-- | M] () -- C:\Users\Volker\Documents\Wedekind - Jungen und Mädchen.pdf
 
========== Files Created - No Company Name ==========
 
[2011.03.23 16:58:48 | 000,000,680 | ---- | C] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat
[2011.03.22 20:58:23 | 000,204,864 | ---- | C] () -- C:\Users\Volker\Desktop\DataRecovery_EN_2.4.6.zip
[2011.03.22 18:52:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.21 21:49:21 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~42983176r
[2011.03.21 21:49:19 | 000,000,587 | -H-- | C] () -- C:\Users\Volker\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:49:19 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~42983176
[2011.03.21 21:49:02 | 000,000,384 | -H-- | C] () -- C:\ProgramData\42983176
[2011.02.27 18:30:12 | 000,005,213 | -H-- | C] () -- C:\Users\Volker\Documents\Wedekind - Jungen und Mädchen.pdf
[2011.02.27 17:30:48 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm
[2011.02.23 22:49:29 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.23 22:49:29 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.23 22:49:29 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.11.22 13:56:41 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2010.11.22 13:56:41 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2010.11.07 20:19:14 | 000,115,598 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe
[2010.03.07 17:28:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.02.22 14:28:48 | 000,000,094 | -H-- | C] () -- C:\Users\Volker\AppData\Local\fusioncache.dat
[2009.12.06 12:48:13 | 000,176,844 | ---- | C] () -- C:\Windows\hphins33.dat
[2009.10.18 14:05:53 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.10.18 14:05:53 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.10.18 14:05:53 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.10.18 10:53:12 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.05.22 10:32:14 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2009.04.24 15:26:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.12.27 15:58:54 | 000,010,752 | -H-- | C] () -- C:\Users\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 14:52:18 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.15 14:52:18 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.11.14 20:50:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.03 19:02:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.03 19:02:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.02 12:33:38 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.11.02 12:33:31 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.09 07:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.08 15:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.07.08 15:39:09 | 000,198,500 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.08 15:39:09 | 000,198,500 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.07.08 15:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.07.08 15:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.07.08 15:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.07.08 15:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.07.08 15:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.07.08 13:54:14 | 000,701,496 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.08 13:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.08 13:54:14 | 000,157,758 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.08 13:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.08 13:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 09:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,416,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,656,092 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,040 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2003.08.07 20:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
< End of report >
         
and here is the OTL "Extras" scan as well:

OTL Logfile:
Code:
OTL Extras logfile created on: 24.03.2011 15:29:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Volker\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 4,14 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 104,19 Gb Free Space | 72,35% Space Free | Partition Type: NTFS
 
Computer Name: VOLKER-PC | User Name: Volker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0267F2ED-F55F-4222-A168-C3A66000B727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{03B73A41-25B4-4AF8-81AC-9F482E8F570F}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{17C9712C-B0FF-4DE2-8825-DACFF07A2A6D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{182C21C7-1B21-4F5D-A637-A457FCECD69D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1ACC8B81-4A32-4952-B23E-3B83139AA64F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1E12C77C-05FD-449A-B56F-0A7FC6FEA8D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20000877-69F7-4346-B4CE-B9E1BB47C55E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2677158A-5F0E-4049-969B-0CF2018C79DB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{29CB5780-5F94-4108-99E4-BE6F3D1CD409}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A47494D-9827-4A09-AEE8-9168A3EC50A7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2DA7B5CC-6D87-4517-AFFE-E4B5004E2B5D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3FD0B431-FA3C-48C4-97FD-5484C4111559}" = rport=137 | protocol=17 | dir=out | app=system | 
"{46DF001A-8BE4-463B-AF6B-BF164F24AE1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{499568A5-6A44-43D1-AE00-2238D62EECC1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4AE5F0AC-6218-4050-8764-AF2FD8AC3332}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A5CACB9-A9DC-4CA0-8C73-6ADEB81F3B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6C935AC1-6182-4ACC-88AD-0FC28844D6B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7687E6B6-E017-46FA-96A3-1ECF2812665A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8159A1F7-6C3E-4A98-9D24-02FAB54323C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{948D0367-5367-484B-88BE-1D5E794F11FE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AE900CAA-AE97-4901-99B5-B257444AAB8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF7AD8F8-67F3-4F7A-9860-BD3B5CAB48F8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B209ACD2-D6B6-40F5-8360-B09E3F90A5CC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B4B35BCD-4451-4BE2-8083-D775F40B5F0A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B879C000-54AF-4B31-8DD2-F5C5E78D58FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B90197B0-98B8-4132-BB41-BF493DD0CD59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C644570E-17B8-4601-A65F-E80EE9425ABE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C7AEDA38-0D3C-491D-8638-F59B96CCE3BC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C99B974B-B26C-4D77-B2EA-94D15AFC333F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D1BD2BCD-3029-47C5-BC79-8A13820B7CBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0F18376-F1E7-4603-81C9-6688EDF26ACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E65B31E3-71BB-4136-A2A1-05418D2DAD4C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E912E8C0-725B-4AAE-89C4-D664C62E8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FA5FB8EC-E43D-4AB6-A6C7-152E25CD3DA6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FC0AEC55-BED7-4381-B956-96A224A80686}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FD1DEDDA-7061-40D0-8D78-21E1414C4D24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005BB5EE-A7FD-455C-93CA-4A4B3FE91F63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{01A11BC5-936F-4A94-8562-DBBA1CB53A3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{043D666F-5981-476B-B9F8-0AFBC107ABAC}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{04EFE0C2-D3A6-42A3-B6B2-85C234E96591}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{050F0DE3-1182-4B4F-960C-AACF6650A0B3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{068FFCF1-B68C-4591-AF45-CC12FEC20A4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{10FC9E7C-1692-41A6-9885-B39C299CE912}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{12FFE344-EB6E-4D67-B2D7-303550DD7D20}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{17AF0867-48C6-427E-BDA7-9D31F1141A23}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{1F04F4AA-56FC-4955-AA79-35BF422EFD05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{23B245F5-6C15-49FB-B05E-AC7CEA833046}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{244006FE-AE75-4410-B3B0-2058DE2F1972}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe | 
"{25EBFEDD-2F22-4A4E-BCC7-99DC9A30C4D7}" = protocol=6 | dir=in | app=d:\spiele\game.dat | 
"{27B03D3D-22B0-4BE7-9644-639913DD3CA7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\sourcesdk\bin\sdklauncher.exe | 
"{28B2793F-F1CE-49BB-A61A-784F75FA96F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{291D306C-48AA-4223-B4A4-5D53D8E45FDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{29CF5B6F-4CE6-4E72-8B3C-3A579FBF3B89}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2EF13111-67CF-41C9-AE5E-88E758CDBBCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{317BA270-0DC9-4A1F-9492-ED0B2B1CCAAE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{31A4C225-DBF4-4735-9957-1CCB6C6AD544}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinemessageservice.exe | 
"{31D2E30E-4393-41CB-A2BF-36FB0B76DB6E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{34BF32A3-00D9-4617-AD3F-335224F61389}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\sourcesdk\bin\sdklauncher.exe | 
"{35A3779F-1D36-4A27-B8DA-0771AF95C0DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{44B78938-6BD2-47D0-9A76-3787164BBD15}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4682EE64-28A1-4948-B789-C0B2A1776ABC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{4968FD53-7DEA-4B47-B5E8-1C3AB04DC28E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{4ACBE741-F8EA-4BF0-B4BA-907029212B80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4D6C392C-A335-4C72-AD76-CF3A02C1CBAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4ECD6139-75EB-4DCC-BAC8-190D176B13D4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4F2170C1-ADB8-43FE-B583-39D8643ACF86}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{55BD5398-7EE3-4802-AA3C-FF9B47F1C8CD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{5AE82062-F363-4968-8EB2-1773E90F2D10}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{5D17D80C-BDA6-4060-A9DA-E7300D088DFC}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{67776A70-289C-46F8-8937-28F39FF9F11C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6779FCAE-5815-46CF-89C3-D6A107FAA6AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68B5EFF0-B2E5-42AD-99CD-AACDB7AD1584}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C708175-E552-40D1-A8A6-13CFD9899760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6FEC7324-116C-4FED-A19F-10AAAE7A42A1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{747C7C60-3385-444B-A61F-B2DC0A64CA15}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{74B11514-A4A6-4787-8C73-87D3EEB83B23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A430E69-AF3F-47B1-B508-D9E1B7BD397D}" = protocol=17 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7AD050A3-0258-43D0-9B6B-087FAD75663B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{82F3AFDC-98E5-4134-91FD-293ABAD13028}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{834F2472-3D8F-4628-9A41-100A7B403E76}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{8BF64F90-1B25-4311-98ED-FEF0757282BE}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinemessageservice.exe | 
"{8D42CA55-1180-472D-B9CF-C83FD2C87A4D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8D72A2AF-6F15-48E7-B545-D2DDD2DF6E8B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{8DD04263-45E2-41A8-9623-C9321C556E59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8FB359F1-7E7A-4731-B47C-EB6DA8019717}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9080FC1B-F9F6-43C4-B892-AA36809B2D59}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{90BFE075-12F3-4A0E-9252-87F4A954D382}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{911B9C3B-5B33-4EE8-9080-E681880109EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9149E7E3-77B6-41F6-9B77-657511ECA177}" = protocol=6 | dir=in | app=c:\sierra\empire earth\launcher.exe | 
"{956E1B4E-AA14-4F4B-8F8B-49EE3545D954}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{98A218E2-2EFA-4708-A83B-CD8DEC773758}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30BB79A-404A-419E-B690-68F07F905ED7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A44581E9-D8AF-4E35-8A6D-E407FF9B37C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{A659754E-C3BD-47C3-B055-96D6C202A59C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{A84369CD-0104-4B15-8913-CA12E78DB191}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe | 
"{AC0EB358-85BB-4B8A-8309-506EB7D14E86}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{AEC25E14-65BA-46F9-85AE-AA289C794FDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{B7FAD1A2-8404-4D59-8DF3-1229EDBD343D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{B95ECCFA-2AA3-4DC1-97A7-2293C5133B2F}" = protocol=6 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BCAEFB36-3651-49CF-84C7-69E6D6F17BC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BE642298-A92E-4BCF-B4A9-A6AE42F47F40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0EFC0EF-34F2-4CB4-B3E0-02C29AD98489}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{C1CFFAB8-557C-4764-B700-36DD09E8967C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{C391A9E0-CD46-4995-A139-E3AFE4729C3C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C66F4A61-B793-4E5F-B23E-4C19537BD4E0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{C81F6994-D1FC-4B20-B7EC-10620BA1DE98}" = protocol=17 | dir=in | app=d:\spiele\game.dat | 
"{C8D5BCCE-8812-4C57-9301-042EA6D48875}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CBC9BD84-0C84-4A04-8644-C2AAF6246113}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{CCE47FE5-D80C-43A2-82BE-C99E4CBA864F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{D4630B38-C219-4317-9F26-D4B87669A3B1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D5A3EA54-194F-456F-A10E-90088E860DF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D8C3F067-B27D-45E2-A984-533AD8CC39DB}" = protocol=6 | dir=out | app=system | 
"{DB73A8FD-6C43-43A8-B58D-5CFF82840D62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCCE7AF5-CF65-44F9-A732-55A24ADAD347}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{E269C668-B0B9-4675-A228-5F2858C61695}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{E7198A34-60FE-46AA-B7DF-1683767B32B9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{E75CBF35-506F-418D-825D-14AC26E40972}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{E80F188E-DA5E-4C72-AFF3-7EA21EDE168A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{EB957EEF-94A4-4020-BB7B-ACC9DE1BB266}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0D09E8D-961E-47DD-B12C-45F99C1B0091}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{F15E31F3-8B0E-4127-BF12-3897E6358C30}" = protocol=17 | dir=in | app=c:\sierra\empire earth\launcher.exe | 
"{F1ED2C0F-5CE5-4FB3-B056-6D1F3F408B86}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{FAFE2374-C706-47F8-8B66-7AFC7356CA01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD1BB9F0-1DB4-4496-B70D-774E8E7C284F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{FFE802C9-B147-4651-9BE1-5B48A6CDC045}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"TCP Query User{03FA3D87-2896-4213-A6FA-7E0978BA6C20}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"TCP Query User{09DE31C5-F330-4E54-B94A-78F9E7FCFE10}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{19508545-4C62-4BBB-BF56-9B8127B88520}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe | 
"TCP Query User{1D495106-B35F-4437-BB2A-FB890B08E87C}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"TCP Query User{264635D8-EF67-4459-A0FD-459ADE1204E8}C:\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\world of padman\wop.exe | 
"TCP Query User{349A854A-8E3E-4507-AB18-010222F67C6C}C:\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\world of padman\wop.exe | 
"TCP Query User{3F5C3B5A-DD1C-43B2-8971-9026CB1E9013}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"TCP Query User{4C153B2B-D0B3-42D7-91EC-A9E43E99A2BF}D:\spiele\xiii\system\xiii.exe" = protocol=6 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"TCP Query User{54295BCF-7525-454A-9466-915C7DCD7940}D:\spiele\project nomads\run\bin\win32\nomads.exe" = protocol=6 | dir=in | app=d:\spiele\project nomads\run\bin\win32\nomads.exe | 
"TCP Query User{637517CC-DCCC-48F8-8519-0EDEDB65E761}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{666F6F05-E297-41AF-B5DF-02560AED7E68}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"TCP Query User{6D49F42B-CB54-4B9A-90D3-42B524509CED}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe | 
"TCP Query User{78F8790C-822A-4637-9439-8C1296162BCB}D:\spiele\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"TCP Query User{808EDB7D-1877-4D69-9C31-AAD62B3F7C93}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{90D3767B-0E18-426C-99D3-D573B0FAFA00}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{97469048-8702-4913-A33A-5D67C1CCE71E}C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"TCP Query User{9AEFAA7C-1D03-4CC3-A2A1-B5331CFA3DC2}D:\spiele\warsow 0.5\warsow_x86.exe" = protocol=6 | dir=in | app=d:\spiele\warsow 0.5\warsow_x86.exe | 
"TCP Query User{A64209FE-E9BF-4CE9-A423-D33860113E4B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{B2E01D1E-6B9B-4E2C-83B5-69305DAB7F53}C:\program files\padworld entertainment\world of padman 1.5\wop.exe" = protocol=6 | dir=in | app=c:\program files\padworld entertainment\world of padman 1.5\wop.exe | 
"TCP Query User{B4E92274-5A67-4EC4-A373-D3B72071D90E}D:\spiele\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"TCP Query User{B95623C8-F7FC-41D7-A912-BBEDC71FE53C}D:\spiele\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\spiele\metin2\metin2.bin | 
"TCP Query User{BB94A176-F48C-4581-810F-08D889F9CC71}C:\users\volker\desktop\mod. vers\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\volker\desktop\mod. vers\stronghold crusader.exe | 
"TCP Query User{BE6F3F95-D781-4C5A-8AC4-6495273E6061}D:\spiele\xiii\system\xiii.exe" = protocol=6 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"TCP Query User{BFA6AA61-1FED-4604-9125-C60893DDB430}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{C516006E-9850-4925-A64B-F8E4607D8F5A}D:\spiele\metin2\metin2client.bin" = protocol=6 | dir=in | app=d:\spiele\metin2\metin2client.bin | 
"TCP Query User{C9A14C0A-AA60-4469-A63A-CDD7E3C9ABA4}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{D1334010-FE21-45A0-9917-0D830A2E0CF6}D:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{DF32B924-ACCF-430B-A6AB-7EE5844D0243}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{E28E1D8C-FA53-4BCD-A9D2-8C09424DA7CC}D:\spiele\ddo\dndclient.exe" = protocol=6 | dir=in | app=d:\spiele\ddo\dndclient.exe | 
"TCP Query User{E3E8BC19-4742-4E85-8648-B4B09A5C0815}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{F30DD47F-B20E-4BE1-8953-10E8C5A94632}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe | 
"TCP Query User{F6B734C7-C911-4664-8FF9-F99A88351074}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{F9376274-578B-44A4-84F2-3DB9932463C4}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{FC43D0FD-3C82-423D-9669-74764A608D48}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{FCDFB046-E3DF-44C4-880F-5B254B5367F4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{08F45A15-EC68-4488-AF67-EEE74534A78E}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe | 
"UDP Query User{21A628B6-A5B6-48FF-84EB-2C31F61854B7}D:\spiele\ddo\dndclient.exe" = protocol=17 | dir=in | app=d:\spiele\ddo\dndclient.exe | 
"UDP Query User{2280E565-E24A-49D5-A8F5-E3A4E548B8EC}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{2FFDF01D-3F44-455E-B883-8A39478CC746}D:\spiele\xiii\system\xiii.exe" = protocol=17 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"UDP Query User{3397CE13-71FC-4EB3-8B2E-2E8F31D404A1}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"UDP Query User{3ADA5E22-FD4F-4434-BA6A-1C597C630847}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe | 
"UDP Query User{3BA22DEF-91B5-43FE-8187-0312FDD4ED71}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{4C8F074F-749F-4CE9-9C7E-6197795E2E81}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{52523B16-6B07-4A56-A14D-E91FDDCF9C82}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{579D8D4F-5042-4DE1-88A2-D6E52069A73E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{6147CEAF-2773-41C2-ADC7-6549475DAC9A}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"UDP Query User{669372A8-FA33-4828-B588-D8A1AF2DBE53}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe | 
"UDP Query User{6753A0F3-9079-4CE7-A497-CF984C8C4862}C:\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\world of padman\wop.exe | 
"UDP Query User{67F6DB2C-A68B-4EB2-A3CD-8B2E8D5E822A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{6EDEB0A3-6309-4E34-97DB-FE340B8A11DF}D:\spiele\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"UDP Query User{71FC3027-2AA8-4A50-85C2-8B7DF0BDCD6B}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"UDP Query User{75F6A091-2B01-4FAC-B58E-AF604DB87B39}D:\spiele\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\spiele\metin2\metin2.bin | 
"UDP Query User{7755CF80-EB0F-407B-9B84-A73E9A6EC5A8}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{8C47A3A0-8F6E-48A3-A0A8-ACF0F0134E4C}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{94826A63-1CF3-4794-80B8-E8C470B09154}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{961720B7-FC0C-4439-BF4D-76E0E6399378}D:\spiele\xiii\system\xiii.exe" = protocol=17 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"UDP Query User{9D4C57F6-D525-4935-B2F4-4A72F562514A}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{AF037537-EDD2-490D-978B-D1EF5EEB904B}C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"UDP Query User{B91A6E74-6EAD-4A28-8DD8-F9070E72BF74}D:\spiele\project nomads\run\bin\win32\nomads.exe" = protocol=17 | dir=in | app=d:\spiele\project nomads\run\bin\win32\nomads.exe | 
"UDP Query User{BE3AC010-4F4B-4290-92DA-94373991AEE4}D:\spiele\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"UDP Query User{C8CB0EF0-BC7B-4722-B465-4C67D597185F}D:\spiele\warsow 0.5\warsow_x86.exe" = protocol=17 | dir=in | app=d:\spiele\warsow 0.5\warsow_x86.exe | 
"UDP Query User{CDE0BCB6-1454-4051-B7E4-B3994BA91CF9}C:\users\volker\desktop\mod. vers\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\volker\desktop\mod. vers\stronghold crusader.exe | 
"UDP Query User{D24C3B81-175E-4D2D-B633-053830F0CB4B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D4FFC692-69EB-42A6-96C7-AABDF6800AC4}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{D55CF884-A369-4EFE-B977-09E812A261A8}D:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{DDBDEF57-2F4E-4BC3-9693-0A13EC922834}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"UDP Query User{E7EF1EA9-0C9B-4D8D-AED1-C5C19B64B5AE}C:\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\world of padman\wop.exe | 
"UDP Query User{F1036172-B550-40F3-A18C-458F2D1CBEF3}D:\spiele\metin2\metin2client.bin" = protocol=17 | dir=in | app=d:\spiele\metin2\metin2client.bin | 
"UDP Query User{F58B75A8-ECB7-4E40-9EE3-07701A8BB298}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{FEE68FB5-CEA2-4145-89D1-96ECF029EF6A}C:\program files\padworld entertainment\world of padman 1.5\wop.exe" = protocol=17 | dir=in | app=c:\program files\padworld entertainment\world of padman 1.5\wop.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9FE15B75-8AD9-4A6F-A57A-7E7C03C4CBEB}" = StarOffice 8
"{A6C2D216-9DAE-43F9-8EFF-F0445E973F52}_is1" = GW-Value
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B1CBE507-887F-4CAE-A84C-9E0F6C81B870}" = StarOffice 8 Product Update 12
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BestPractice" = BestPractice (remove only)
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"doPDF 7 printer_is1" = doPDF 7.2 printer
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DynaGeo_is1" = DynaGeo 3.0f
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"GameSpy Arcade" = GameSpy Arcade
"Gothic II" = Gothic II
"Guild Wars" = GUILD WARS
"GuildWars Visions_is1" = GuildWars Visions v1.08
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GXTranscoder v2" = GXTranscoder v2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ICQToolbar" = ICQ Toolbar
"iDump" = iDump (Backing up your iPod)
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mumble" = Mumble and Murmur
"MuPAD Pro 4.0_is1" = MuPAD Pro 4.0.6
"Niki" = Niki
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Project Nomads" = Project Nomads
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"StarCraft II" = StarCraft II
"Steam App 11020" = TrackMania Nations Forever
"Steam App 211" = Source SDK
"Steam App 220" = Half-Life 2
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"VCam 3.1_is1" = VCam 3.1.1
"World of Padman" = World of Padman
"World of Padman 1.5" = World of Padman 1.5
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.12.2010 01:50:26 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2010 07:33:04 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2010 07:33:15 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:33:15 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:34:09 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:34:14 | Computer Name = Volker-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel
0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2, Prozess-ID 0x524, Anwendungsstartzeit
01cb9ea76b72d760.
 
Error - 18.12.2010 07:38:14 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2010 07:38:16 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:38:16 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:38:17 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 23.03.2011 11:56:04 | Computer Name = Volker-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.03.2011 11:56:39 | Computer Name = Volker-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 23.03.2011 11:56:39 | Computer Name = Volker-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert,
da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 23.03.2011 11:57:50 | Computer Name = Volker-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.03.2011 15:07:47 | Computer Name = Volker-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 24.03.2011 10:22:37 | Computer Name = Volker-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 24.03.2011 10:22:55 | Computer Name = Volker-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 24.03.2011 10:22:55 | Computer Name = Volker-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert,
da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 24.03.2011 10:24:16 | Computer Name = Volker-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2011 10:26:37 | Computer Name = Volker-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---



I hope someone can help me,

Kind regards.

Alt 24.03.2011, 19:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
[2011.03.21 21:49:21 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~42983176r
[2011.03.21 21:49:19 | 000,000,587 | -H-- | C] () -- C:\Users\Volker\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:49:19 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~42983176
[2011.03.21 21:49:02 | 000,000,384 | -H-- | C] () -- C:\ProgramData\42983176
[2011.03.21 21:49:11 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell - "" = AutoRun
O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Alt 24.03.2011, 21:54   #3
0815User
 



Done:

All processes killed
========== OTL ==========
C:\ProgramData\~42983176r moved successfully.
C:\Users\Volker\Desktop\Windows Diagnostic.lnk moved successfully.
C:\ProgramData\~42983176 moved successfully.
C:\ProgramData\42983176 moved successfully.
C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\ not found.
File G:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\H2O deleted successfully.
C:\Programme\Syncrosoft\POS\H2O\cledx.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Volker
->Temp folder emptied: 641973220 bytes
->Temporary Internet Files folder emptied: 3114846490 bytes
->Java cache emptied: 50194478 bytes
->FireFox cache emptied: 85755362 bytes
->Google Chrome cache emptied: 5946098 bytes
->Flash cache emptied: 141139 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 725009512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.410,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03242011_214330

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 24.03.2011, 22:27   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

Alt 25.03.2011, 17:27   #5
0815User
 



So far so good...
Combofix log file:
Code:
ComboFix 11-03-24.06 - Volker 25.03.2011  17:12:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1976 [GMT 1:00]
ausgeführt von:: c:\users\Volker\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-25 bis 2011-03-25  ))))))))))))))))))))))))))))))
.
.
2011-03-25 16:18 . 2011-03-25 16:18	--------	d-----w-	c:\users\Volker\AppData\Local\temp
2011-03-25 16:18 . 2011-03-25 16:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-25 15:53 . 2011-03-25 15:53	--------	d-----w-	c:\program files\CCleaner
2011-03-25 15:39 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{867D9914-71EB-4981-8795-A6CAA04F4954}\mpengine.dll
2011-03-24 20:43 . 2011-03-24 20:43	--------	d-----w-	C:\_OTL
2011-03-22 17:52 . 2011-03-22 17:52	--------	d--h--w-	c:\users\Volker\AppData\Roaming\Malwarebytes
2011-03-22 17:52 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-22 17:51 . 2011-03-22 17:51	--------	d--h--w-	c:\programdata\Malwarebytes
2011-03-22 17:51 . 2011-03-22 17:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-22 17:51 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-09 16:43 . 2010-12-29 17:41	323072	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 16:43 . 2010-12-29 17:41	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 16:43 . 2010-12-29 17:41	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 16:43 . 2010-12-29 17:39	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 16:43 . 2010-12-17 16:43	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 16:43 . 2010-12-17 15:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-02-27 16:30 . 2011-02-27 16:30	--------	d--h--w-	c:\users\Volker\AppData\Roaming\Softland
2011-02-27 16:30 . 2010-12-02 08:00	22856	----a-w-	c:\windows\system32\dopdfmn7.dll
2011-02-27 16:30 . 2010-12-02 08:00	19784	----a-w-	c:\windows\system32\dopdfmi7.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 14:25 . 2010-05-22 17:09	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-08 12:15	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-09 13:01	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-09 13:01	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-09 13:02	2038784	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-12 20:33	409600	----a-w-	c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-08-21 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-08-21 00:34	2736736	----a-w-	c:\program files\DVDVideoSoft\tbDVD1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-08-21 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-08-21 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-18 2937528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-03-11 143624]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-04-05 242560]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{E7D34EEB-CE6E-4564-990F-66D07FE2E827}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Volker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-25 17:18
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-798057435-2566236125-1246601167-1003\Software\SecuROM\License information*]
"datasecu"=hex:f8,1b,47,0e,b1,2f,d9,f2,71,e6,6a,64,90,16,c2,30,0a,60,23,de,fb,
   dd,ba,b4,6c,f9,92,f2,e7,fd,9d,f4,60,ee,53,86,c6,c3,e2,48,e5,b6,42,f7,2c,d2,\
"rkeysecu"=hex:aa,f1,6c,38,8c,19,c3,04,f7,af,c1,06,38,56,d0,15
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3984)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2011-03-25  17:20:44
ComboFix-quarantined-files.txt  2011-03-25 16:20
.
Vor Suchlauf: 6 Verzeichnis(se), 10.726.989.824 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.344.407.040 Bytes frei
.
- - End Of File - - A1EBFB7AC5E327F1FC5D8EB0B3D1FB3F
         
--- --- ---


25.03.2011, 18:30   #6
cosinus
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

25.03.2011, 19:12   #7
0815User
 
OMG, looks like everything is back!! A thousand thanks. It's somehow strange to simply trust someone you don't know and do everything he says, but it all worked. Thanks.

The scan didn't find anything; here is the log again anyway:

Quote:
2011/03/25 19:08:54.0139 6048 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/25 19:08:54.0522 6048 ================================================================================
2011/03/25 19:08:54.0522 6048 SystemInfo:
2011/03/25 19:08:54.0523 6048
2011/03/25 19:08:54.0523 6048 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/25 19:08:54.0523 6048 Product type: Workstation
2011/03/25 19:08:54.0523 6048 ComputerName: VOLKER-PC
2011/03/25 19:08:54.0523 6048 UserName: Volker
2011/03/25 19:08:54.0523 6048 Windows directory: C:\Windows
2011/03/25 19:08:54.0523 6048 System windows directory: C:\Windows
2011/03/25 19:08:54.0523 6048 Processor architecture: Intel x86
2011/03/25 19:08:54.0523 6048 Number of processors: 2
2011/03/25 19:08:54.0523 6048 Page size: 0x1000
2011/03/25 19:08:54.0523 6048 Boot type: Normal boot
2011/03/25 19:08:54.0523 6048 ================================================================================
2011/03/25 19:08:55.0116 6048 Initialize success
2011/03/25 19:09:01.0478 4688 ================================================================================
2011/03/25 19:09:01.0478 4688 Scan started
2011/03/25 19:09:01.0478 4688 Mode: Manual;
2011/03/25 19:09:01.0478 4688 ================================================================================
2011/03/25 19:09:56.0651 4688 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/25 19:09:56.0675 4688 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/25 19:09:56.0957 4688 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/25 19:09:57.0189 4688 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/25 19:09:57.0870 4688 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/25 19:09:58.0011 4688 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/25 19:09:58.0083 4688 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/25 19:09:58.0160 4688 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/03/25 19:10:00.0752 4688 ================================================================================
2011/03/25 19:10:00.0752 4688 Scan finished
2011/03/25 19:10:00.0752 4688 ================================================================================

26.03.2011, 17:43   #8
cosinus

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only needs a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

30.03.2011, 14:18   #9
0815User

OK, here is GMER to start with:

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-30 14:51:25
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O
Running: 2brlxhp2.exe; Driver: C:\Users\Volker\AppData\Local\Temp\ufdiypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                         section is writeable [0x8E404340, 0x3E9407, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\atksgt.sys                                                           section is writeable [0x9F5DE300, 0x3ACC8, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys                                                           section is writeable [0x9F623300, 0x1B7E, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce                      
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e                      
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---


and OSAM:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:16:38 on 30.03.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Volker\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys  (File found, but it contains no detailed information)
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\Windows\System32\DRIVERS\cledx.sys
"ufdiypoc" (ufdiypoc) - ? - C:\Users\Volker\AppData\Local\Temp\ufdiypoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll  (File not found)
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Pando Media Booster" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.exe
"Steam" - "Valve Corporation" - "c:\program files\steam\steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"M-Audio Taskbar Icon" - "Avid Technology, Inc." - C:\Windows\System32\M-AudioTaskBarIcon.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NetFxUpdate_v1.1.4322" - "Microsoft" - "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"doPDF 7 Monitor" - "Softland" - C:\Windows\system32\dopdfmn7.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


and here is MBRCheck:

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R510/P510
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 144):

Processes (total 82):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by 0815User (30.03.2011 at 15:13)

30.03.2011, 15:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\Windows\System32\DRIVERS\cledx.sys
Please disable and delete these with OSAM; follow the OSAM instructions when doing so.
__________________
Please always post log files in CODE tags

30.03.2011, 19:29   #11
0815User



New OSAM log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:28:53 on 30.03.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Volker\AppData\Local\Temp\catchme.sys  (File not found)
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVD1.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll  (File not found)
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Pando Media Booster" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.exe
"Steam" - "Valve Corporation" - "c:\program files\steam\steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"M-Audio Taskbar Icon" - "Avid Technology, Inc." - C:\Windows\System32\M-AudioTaskBarIcon.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NetFxUpdate_v1.1.4322" - "Microsoft" - "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"doPDF 7 Monitor" - "Softland" - C:\Windows\system32\dopdfmn7.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

30.03.2011, 19:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

31.03.2011, 16:43   #13
0815User



SASW:

Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/31/2011 at 05:29 PM

Application Version : 4.50.1002

Core Rules Database Version : 6720
Trace Rules Database Version: 4532

Scan type : Complete Scan
Total Scan Time : 02:18:12

Memory items scanned : 698
Memory threats detected : 0
Registry items scanned : 9793
Registry threats detected : 0
File items scanned : 193488
File threats detected : 6

Adware.Tracking Cookie
C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Cookies\volker@ad.zanox[2].txt
C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Cookies\volker@webmasterplan[1].txt
C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Cookies\volker@maniapub.trackmania[2].txt
C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Cookies\volker@doubleclick[1].txt
C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Cookies\volker@zanox[2].txt
s0.2mdn.net [ C:\Users\Volker\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XXUXM5T9 ]

Malwarebytes:

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6224

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

31.03.2011 14:58:54
mbam-log-2011-03-31 (14-58-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 347610
Laufzeit: 1 Stunde(n), 34 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

31.03.2011, 17:42   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks OK, only cookies were found there.
Any remaining problems or further detections in the meantime?

31.03.2011, 20:35   #15
0815User



No, nothing, thank you very much.
