Log analysis and evaluation: TR/Kazy.mekml.1 found, critical error (Windows 7). If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.04.2011, 11:57 | #1
TR/Kazy.mekml.1 found, critical error. Hello everyone, first of all: this is my first time on this site and the first time I'm in a situation where I don't know what to do any more .... I'll maybe get straight to the point: "In the file C:/ProgramData/40099592.exe a virus or unwanted program TR/Kazy.mekml.1 was found. Access to this file was denied." is what AntiVir tells me..... In addition, in terms of the sequence of events, my problem is identical to that of A22: http://www.trojaner-board.de/97638-t...mekml-1-a.html I hope you can help me, because I have no clue about OTL logs or anything like that :// Best regards, tsdkalle
21.04.2011, 12:08 | #2
/// Malware-holic | TR/Kazy.mekml.1 found, critical error. Well, you can read up on how to create them in the thread you linked; how to evaluate them is something I already know :-)
21.04.2011, 12:22 | #3
TR/Kazy.mekml.1 found, critical error. OK, I'll work my way through it and try my best
21.04.2011, 12:27 | #4
/// Malware-holic | TR/Kazy.mekml.1 found, critical error. You don't need to dig through it, just create the log and paste it in here, nothing more for now :-)
21.04.2011, 12:33 | #5
TR/Kazy.mekml.1 found, critical error. OK, I've just downloaded the OTL exe and I'm running a scan, the same with Malwarebytes; I hope I'm on the right track. Best regards, tsdkalle
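Once an OTL log is posted, the entries a helper checks first are the PRC (running process) lines, the O4 Run-key autoruns and the recently created files, looking for exactly the pattern behind a detection in C:\ProgramData: a hidden, freshly dropped executable with a random name that is running and set to autostart. As an added example, not code from the thread, from OTL or from trojaner-board, here is a small triage script that parses those OTL line formats and reports such executables together with the reasons for flagging them; the sample log text is constructed to mirror the format of the log in this thread, and the directory list and the seven-day window are assumptions of mine.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL's line format: the hidden C:\ProgramData\MRtPNAFMRSnT.exe
# entries mirror the shape of the log posted in this thread, the rest is benign
# filler in the same style. Not a real capture.
SAMPLE_OTL = r"""
OTL logfile created on: 21.04.2011 13:32:19 - Run 1
========== Processes (SafeList) ==========
PRC - [2011.04.21 13:31:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2011.04.21 11:31:20 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
PRC - [2011.03.19 15:15:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust)
========== Files/Folders - Created Within 30 Days ==========
[2011.04.21 11:31:21 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 12:21:34 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2011.04.14 10:17:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
"""

HEADER_PREFIX = "OTL logfile created on: "  # OTL writes the scan time as dd.MM.yyyy HH:mm:ss
# PRC lines and "Files/Folders - Created" lines share one layout:
#   [timestamp | size | attributes | M/C] (company) -- path     (company is absent on folders)
ENTRY_RE = re.compile(
    r"^(?:PRC - )?\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
# O4 autorun lines:  O4 - HKxx..\Run: [value name] path (company)
AUTORUN_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# Assumed: directories where a running or autostarting .exe is unusual on a home PC.
DATA_DIRS = ("c:\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\temp\\")


def parse_entry(line):
    """Parse a PRC or created-file line into a dict, or return None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y.%m.%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    d["hidden"] = "H" in d["attr"]  # "-H--" means the hidden attribute is set
    d["process"] = line.startswith("PRC - ")
    return d


def parse_autorun(line):
    """Parse an O4 Run-key line; entries whose target no longer exists are dropped."""
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    rest, company = m.group("rest"), ""
    # Company is the last "( ... )"; rsplit keeps "(x86)" or "Intel(R)" inside the path intact.
    if rest.endswith(")") and " (" in rest:
        rest, company = rest.rsplit(" (", 1)
        company = company[:-1].strip()
    if rest == "File not found":
        return None
    return {"hive": m.group("hive"), "name": m.group("name"), "path": rest, "company": company}


def in_data_dir(path):
    p = path.lower()
    return p.endswith(".exe") and any(d in p for d in DATA_DIRS)


def triage(log_text, recent_days=7):
    """Return one finding per suspicious executable, each with a sorted list of reasons."""
    scan_time, entries, autoruns = None, [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(HEADER_PREFIX):
            scan_time = datetime.strptime(line[len(HEADER_PREFIX):][:19], "%d.%m.%Y %H:%M:%S")
        elif (e := parse_entry(line)):
            entries.append(e)
        elif (a := parse_autorun(line)):
            autoruns.append(a)
    findings = {}

    def note(path, reason):
        findings.setdefault(path.lower(), {"path": path, "reasons": set()})["reasons"].add(reason)

    for e in entries:
        if not in_data_dir(e["path"]):
            continue
        note(e["path"], "executable in a data directory")
        if e["hidden"]:
            note(e["path"], "hidden attribute set")
        if e["process"]:
            note(e["path"], "currently running")
        if scan_time and scan_time - e["ts"] <= timedelta(days=recent_days):
            what = "created" if e["kind"] == "C" else "modified"
            note(e["path"], "file %s within %d days of scan" % (what, recent_days))
    for a in autoruns:
        if in_data_dir(a["path"]):
            note(a["path"], "executable in a data directory")
            note(a["path"], "autorun %s\\Run [%s]" % (a["hive"], a["name"]))
    return sorted(({"path": f["path"], "reasons": sorted(f["reasons"])} for f in findings.values()),
                  key=lambda f: f["path"].lower())
```

Run `triage(SAMPLE_OTL)` to see the single finding the constructed sample produces; on a real OTL log, paste the whole text in place of the sample.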
21.04.2011, 12:41 | #6
TR/Kazy.mekml.1 found, critical error. OTL logfile: Code:
ATTFilter OTL logfile created on: 21.04.2011 13:32:19 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Christian\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 290,54 Gb Free Space | 65,18% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 10,52 Gb Free Space | 52,63% Space Free | Partition Type: FAT32 Drive E: | 4,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.21 13:31:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2011.04.21 11:31:20 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe PRC - [2011.03.24 01:33:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.03.19 15:15:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.01.06 20:59:01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.06 20:59:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.16 00:54:54 | 000,037,376 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- 
C:\Windows\RtHDVCpl.exe PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe PRC - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.09 01:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.07.18 02:08:45 | 002,094,352 | -H-- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe PRC - [2007.07.18 01:30:12 | 000,414,992 | -H-- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe PRC - [2007.07.18 01:30:03 | 001,687,824 | -H-- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe PRC - [2007.07.18 01:29:52 | 000,460,048 | -H-- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe PRC - [2007.07.18 01:29:34 | 000,479,504 | -H-- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe PRC - [2007.07.18 01:29:24 | 000,278,288 | -H-- | M] (Logitech Inc.) 
-- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe PRC - [2007.06.27 11:18:40 | 000,215,256 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe PRC - [2007.06.27 11:18:20 | 000,293,080 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe PRC - [2007.06.27 11:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe PRC - [2007.06.27 11:17:26 | 000,272,600 | -H-- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe PRC - [2007.06.27 11:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe PRC - [2007.06.27 11:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe PRC - [2007.06.27 11:15:14 | 000,059,096 | -H-- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe PRC - [2007.06.27 11:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe PRC - [2007.06.27 11:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe PRC - [2007.06.27 11:13:56 | 000,268,504 | -H-- | M] () -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe PRC - [2007.02.12 12:46:34 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2011.04.21 13:31:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (stllssvr) SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9) SRV - File not found [Auto | Stopped] -- -- (Roxio Upnp Server 9) SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 9) SRV - [2011.03.19 15:15:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.01.06 20:59:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.06.27 11:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R) SRV - [2007.06.27 11:17:26 | 000,272,600 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel(R) SRV - [2007.06.27 11:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R) SRV - [2007.06.27 11:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media 
Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R) SRV - [2007.06.27 11:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel(R) SRV - [2007.06.27 11:15:14 | 000,059,096 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R) SRV - [2007.06.27 11:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel(R) SRV - [2007.06.27 11:13:56 | 000,268,504 | -H-- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM) SRV - [2007.02.12 12:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.03.19 15:15:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.01.06 20:59:02 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2009.08.30 21:02:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.08.30 21:02:15 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.02.20 14:05:23 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2008.01.29 10:22:00 | 008,239,232 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.09.21 11:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.06.27 11:17:46 | 000,014,552 | -H-- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2007.06.19 12:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.02.18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/facesmooch3/{E717273C-D544-4F20-882C-AABED45901C1} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = IESearch Start IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/facesmooch3/{E717273C-D544-4F20-882C-AABED45901C1} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.02.19 14:52:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.19 17:50:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.19 17:50:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 01:33:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 01:33:27 | 000,000,000 | ---D | M] [2009.06.21 14:43:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2009.06.21 14:43:25 | 000,000,000 | 
-H-D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.04.20 22:47:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\9dj3vsow.default\extensions [2009.06.24 23:53:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\9dj3vsow.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.03 22:36:42 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\9dj3vsow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.12.23 20:13:54 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\9dj3vsow.default\extensions\moveplayer@movenetworks.com [2009.02.05 08:11:12 | 000,000,682 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\ask.xml [2008.03.11 01:05:30 | 000,000,996 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\FireSearch.xml [2011.04.18 15:00:55 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-1.xml [2009.07.23 02:24:04 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-10.xml [2009.08.04 18:37:12 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-11.xml [2009.09.10 17:59:50 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-12.xml [2009.10.29 06:17:11 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-13.xml [2009.12.17 15:16:05 | 
000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-14.xml [2010.01.08 06:12:10 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-15.xml [2010.02.19 06:10:03 | 000,000,961 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-16.xml [2010.03.13 17:56:25 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-17.xml [2010.03.24 14:46:45 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-18.xml [2010.04.03 00:39:10 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-19.xml [2008.03.27 00:58:15 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-2.xml [2010.12.30 19:06:48 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-20.xml [2011.01.14 11:26:18 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-21.xml [2008.04.17 23:06:06 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-3.xml [2008.07.02 16:33:04 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-4.xml [2008.07.03 17:31:52 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-5.xml [2008.07.16 23:07:30 | 000,000,950 | -H-- | M] () -- 
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-6.xml [2008.12.17 22:54:58 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-7.xml [2009.02.06 08:54:12 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-8.xml [2009.06.16 00:23:51 | 000,000,950 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin-9.xml [2009.06.07 14:21:06 | 000,000,944 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\icqplugin.xml [2011.03.07 21:02:03 | 000,002,380 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\searchplugins\search.xml [2011.01.14 11:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.11 09:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.19 17:50:52 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.03.19 17:50:53 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: 
([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) 
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [MODE FREE BIRD SURF] File not found O4 - HKCU..\Run: [more rule] File not found O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 13:31:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2011.04.21 12:21:34 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2011.04.21 12:21:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.21 12:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.21 12:21:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.04.21 12:21:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.21 12:20:34 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.21 11:31:21 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.14 10:17:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 10:17:16 | 000,034,304 | ---- | C] (Adobe Systems) -- 
C:\Windows\System32\atmlib.dll [2011.04.14 10:17:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 10:17:15 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 10:17:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 10:17:12 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.03.31 22:46:09 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.03.31 22:46:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.03.31 22:46:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.03.31 22:46:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.03.31 22:46:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.03.31 22:46:08 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.03.31 22:46:08 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.03.31 22:46:08 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.03.31 22:46:08 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.03.31 22:46:08 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.03.31 22:46:08 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.03.31 22:46:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.03.31 22:46:08 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.03.31 22:46:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.03.31 22:46:08 | 000,086,528 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.03.31 22:46:08 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.03.31 22:46:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.03.31 22:46:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.03.31 22:46:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.03.31 22:46:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.03.31 22:46:07 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.03.31 22:46:07 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.03.31 22:46:07 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.31 22:46:07 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.03.31 22:46:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.03.31 22:46:07 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.03.31 22:46:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.03.31 22:46:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.03.31 22:46:07 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.03.31 22:46:07 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.03.31 22:46:07 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.03.31 22:46:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.03.31 22:46:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.03.31 22:46:06 | 
000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.03.31 22:46:06 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.03.31 22:46:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.03.31 22:46:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.03.31 22:46:06 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.03.31 22:46:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.03.26 17:44:19 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData\Local\DDMSettings [2011.03.23 10:49:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 10:49:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 13:31:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2011.04.21 13:27:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.21 13:05:45 | 000,694,338 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 13:05:45 | 000,638,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 13:05:45 | 000,153,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 13:05:45 | 000,121,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.21 13:00:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.21 12:59:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 12:59:28 | 000,003,744 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 12:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 12:59:23 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 12:21:24 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.21 12:20:40 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.21 11:31:20 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.14 23:26:11 | 000,365,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.31 22:46:09 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.03.31 22:46:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.03.31 22:46:09 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.03.31 22:46:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.03.31 22:46:09 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.03.31 22:46:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.03.31 22:46:08 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.03.31 22:46:08 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.03.31 22:46:08 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.03.31 22:46:08 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.03.31 22:46:08 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.03.31 22:46:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.03.31 22:46:08 | 000,223,232 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.03.31 22:46:08 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.03.31 22:46:08 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.03.31 22:46:08 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.03.31 22:46:08 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.03.31 22:46:08 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.03.31 22:46:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.03.31 22:46:08 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.03.31 22:46:07 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.03.31 22:46:07 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.03.31 22:46:07 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.03.31 22:46:07 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.31 22:46:07 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.03.31 22:46:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.03.31 22:46:07 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.03.31 22:46:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.03.31 22:46:07 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.03.31 22:46:07 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.03.31 22:46:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.03.31 22:46:07 | 000,054,272 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.03.31 22:46:07 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.03.31 22:46:06 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.03.31 22:46:06 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.03.31 22:46:06 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.03.31 22:46:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.03.31 22:46:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.03.31 22:46:06 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.03.31 22:46:06 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.03.27 01:10:06 | 000,001,036 | -H-- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk [2011.03.27 01:09:51 | 000,001,195 | -H-- | M] () -- C:\Users\Christian\Desktop\Free YouTube to MP3 Converter.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 12:21:24 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.31 22:46:08 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.09.17 21:05:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.17 21:05:23 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.09.07 12:23:05 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE [2009.08.30 21:02:16 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.08.30 21:02:15 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- 
C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.21 22:21:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.21 22:21:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.30 09:47:45 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2009.06.11 19:16:23 | 000,000,907 | ---- | C] () -- C:\Windows\eReg.dat [2009.02.20 01:24:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.09.25 10:13:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.06 01:26:37 | 000,000,144 | -H-- | C] () -- C:\Users\Christian\AppData\Roaming\Default.PLS [2008.07.19 15:22:35 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini [2008.04.02 23:48:10 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\741E5852A2.dll [2008.04.02 23:25:06 | 000,084,992 | ---- | C] () -- C:\Windows\AKDeInstall.exe [2008.03.29 17:21:31 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini [2008.03.11 20:17:18 | 000,224,768 | -H-- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.11 16:30:11 | 000,007,592 | -H-- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat [2008.03.10 16:25:50 | 000,000,108 | -H-- | C] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat [2008.03.10 14:55:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.03.10 14:36:42 | 000,000,097 | -H-- | C] () -- C:\Users\Christian\AppData\Local\fusioncache.dat [2008.02.19 16:49:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.02.19 15:05:59 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.02.19 15:05:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.19 13:39:39 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2008.02.19 11:28:59 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2008.01.21 
09:15:58 | 000,694,338 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,153,292 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.03.26 10:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2007.02.20 14:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.02.20 14:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.02.14 20:55:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.12.05 10:27:04 | 000,184,320 | ---- | C] () -- C:\Windows\System32\SatSrv.exe [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,365,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,638,344 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,710 | 
---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005.07.15 20:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005.07.15 20:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 514 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report > |
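An added triage example, not part of this thread and not OTL's own code: a Python script that parses the OTL file-listing entries and alternate-data-stream lines of the kind posted above and scores each executable with the checks an analyst applies by eye when reading such a log. The four checks are a hidden attribute on an executable, an executable dropped directly into C:\ProgramData or under AppData, Public or a Temp folder, a random-looking file name, and a missing company name. The sample lines are copied from the log above and are a constructed subset of it; the weights, the threshold of 4 and all function names are this example's own assumptions, not an OTL feature. Note that the company string in parentheses comes from the file's version resource, which whoever built the file controls, so a plausible vendor name is never exculpatory, and a hit here is a prompt to hash the file and inspect it, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# One OTL file entry: [date time | size | attrs | C/M] (Company) -- path
# attrs flags: R(ead-only) H(idden) S(ystem) D(irectory); C = created, M = modified
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".com", ".pif", ".cpl"}

# Constructed sample: a subset of lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2011.04.21 13:31:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011.04.21 12:21:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 12:20:34 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 11:31:21 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.14 10:17:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.21 12:59:23 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2008.04.02 23:48:10 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\741E5852A2.dll
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str


@dataclass
class Finding:
    path: str
    score: int
    reasons: list  # (reason, weight) pairs


def parse_otl(text):
    """Split an OTL log into file entries and alternate-data-stream (path, size) pairs."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                when=datetime.strptime(m["date"] + " " + m["time"], "%Y.%m.%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")), attrs=m["attrs"], kind=m["kind"],
                company=m["company"].strip(), path=m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((m["path"], int(m["size"])))
    return entries, streams


def looks_random(stem):
    """Crude name check: a long digit/hex-only name, or five or more consonants in a row."""
    if re.fullmatch(r"[0-9A-Fa-f]{8,}", stem):
        return True
    run = best = 0
    for ch in stem:
        run = run + 1 if ch.isalpha() and ch.lower() not in "aeiouy" else 0
        best = max(best, run)
    return best >= 5


def in_staging_dir(path):
    """Executable where any user process can write: ProgramData root, AppData, Public, Temp."""
    p = path.lower()
    if p.rsplit("\\", 1)[0] == "c:\\programdata":
        return True
    return any(m in p for m in ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\users\\public\\", "\\temp\\"))


def score_entry(e):
    """Weights are this example's assumptions; only executable extensions are scored."""
    p = PureWindowsPath(e.path)
    reasons = []
    if p.suffix.lower() in EXEC_EXT:
        if "H" in e.attrs:
            reasons.append(("hidden attribute on an executable", 2))
        if in_staging_dir(e.path):
            reasons.append(("executable in a user-writable staging directory", 2))
        if looks_random(p.stem):
            reasons.append(("random-looking file name", 2))
        if not e.company:  # version info is author-controlled: absence is a weak signal, presence proves nothing
            reasons.append(("no company name in version resource", 1))
    return Finding(e.path, sum(w for _, w in reasons), reasons)


def triage(text, threshold=4):
    """Return findings at or above the threshold, highest score first."""
    entries, _ = parse_otl(text)
    hits = [f for f in map(score_entry, entries) if f.score >= threshold]
    return sorted(hits, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:>2}  {f.path}")
        for why, w in f.reasons:
            print(f"      +{w} {why}")
    for path, size in parse_otl(SAMPLE_LOG)[1]:
        print(f"ADS {size} bytes on {path}  (listed for review; OTL reports streams separately)")
```

Under these weights the hidden, randomly named C:\ProgramData\MRtPNAFMRSnT.exe scores 6 and the hex-named 80-byte RHS DLL in System32 scores 5, so both land on the review list; the hidden Malwarebytes installer on the Desktop scores 2 and the hidden hiberfil.sys 3, both below the threshold. The AppData\Local marker will also pull in legitimate per-user installs such as browsers, which is why the output is a ranked list for a human rather than a delete list.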
21.04.2011, 12:41 | #7 |
| TR/Kazy.mekml.1 found, critical error
OTL Extras logfile: Code:
OTL Extras logfile created on: 21.04.2011 13:32:19 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 290,54 Gb Free Space | 65,18% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,52 Gb Free Space | 52,63% Space Free | Partition Type: FAT32
Drive E: | 4,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02315472-6007-4ED3-A8A5-30B84B45BC04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{02B19D77-266C-4116-8326-E080DC71949A}" = rport=139 | protocol=6 | dir=out | app=system |
"{0B1DA635-1F63-4A60-9F98-E2AC5368C457}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C3BECDA-F4FB-45E6-9544-6A1279741577}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DC01C91-77EC-4112-8494-10304EAAF273}" = lport=3390 | protocol=6 | dir=in | app=system |
"{106933CF-BA83-4CEB-BC6A-CAAA2146AD95}" = rport=137 | protocol=17 | dir=out | app=system |
"{149CB624-6706-46F1-B1EF-852E1ACDB3AF}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{16DA6AE4-DBA7-4F58-91FD-C8AACA268B63}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{1B5F7EE9-D975-4B22-8EB3-C868D5068FA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CF52DF9-EB55-4822-B864-53D39EF55B18}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25A4CA32-8173-4909-A12D-62F5583DC3DE}" = lport=139 | protocol=6 | dir=in | app=system |
"{280EA3AF-49A4-4CAF-8466-9D6193DAA516}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D270CEE-15AD-467B-A36A-566BA9ABE608}" = lport=10243 | 
protocol=6 | dir=in | app=system | "{34A04B89-6B16-47C6-8D5A-A32402273749}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35CA4297-EF9F-40D9-9097-F461D61A72F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3F3ECE08-D866-4AD0-858C-4C64EE7D03CE}" = rport=138 | protocol=17 | dir=out | app=system | "{4B05DD1F-BAE6-4BC0-9662-FDD97F169F4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{519C5E04-FD40-44DD-B979-561C59CE9AD5}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{577D8327-0507-4768-8A40-71CCFACE70E3}" = lport=3390 | protocol=6 | dir=in | app=system | "{640F1AD3-0857-4027-BA01-EC9D2ED9C628}" = lport=2869 | protocol=6 | dir=in | app=system | "{69A8D94C-82CE-4CD6-B669-75AF668EB212}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6F6EE6F3-B2B6-44C2-AC91-0F8727B17E30}" = lport=6882 | protocol=6 | dir=in | name=blizzard downloader: 6882 | "{73F5FA9B-47D2-484D-8157-FB58202796D2}" = lport=137 | protocol=17 | dir=in | app=system | "{765F52E4-BD0A-4421-856B-54A6C1CB4D4E}" = rport=10243 | protocol=6 | dir=out | app=system | "{8031AF27-FEEA-492B-8D5B-48776F383A22}" = rport=10244 | protocol=6 | dir=out | app=system | "{814BF6D6-32FB-491E-9204-905A3935DB60}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{829A3DC1-A504-49CD-9DDD-4ACA37BE6246}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | "{92962189-9CF4-4E1A-828D-5CEAF54C497E}" = lport=138 | protocol=17 | dir=in | app=system | "{9317E70F-B91F-41BF-9228-25AA224D3914}" = lport=445 | protocol=6 | dir=in | app=system | "{9B4C5A82-96B4-4AC7-80E9-99764D223014}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{9BD1BE4F-EA1C-48D5-83FD-5B012C1ED070}" = rport=445 | protocol=6 | dir=out | app=system | "{B17511A1-A687-4E1B-8A6C-BD1713554220}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BAB5B828-81D4-45FC-B06D-00869DCFEF2B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{C00A537F-11A1-474E-948D-8864E9EEDDE0}" = lport=10244 | protocol=6 | dir=in | app=system | "{C901F090-AD82-4546-B5A3-7FACC1582659}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE506621-D0B4-4C66-898B-337782786A42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF646038-1AEB-4391-9CFC-F3E689579F96}" = rport=10244 | protocol=6 | dir=out | app=system | "{D4E8D8E0-1C4B-4CD9-B263-A60273C676F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E696752A-6182-4F9C-868E-D724E7A54781}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F56CE298-89D5-447A-A888-D638DFD55539}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FB1B3256-7339-4898-BFF7-B56F28A806EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF225374-2D0F-4D24-9FC6-17355B3BF4C4}" = lport=10244 | protocol=6 | dir=in | app=system | "{FFA537DD-3FD9-4D39-9A0E-32551D5EDE21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027C161D-CB2D-4299-8CB5-695C790AC9C4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{055D9E1F-E6F3-4DC1-800C-CAACB72876AF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{06C94968-70F1-4888-A1CC-57BBA57B53FC}" = protocol=17 | dir=in | app=c:\program files\tortoisesvn\bin\tortoisemerge.exe | "{07AD7DED-9F03-47EB-B302-9825AACEFFE5}" = protocol=6 | dir=in | app=c:\program files\tortoisesvn\bin\tortoiseidiff.exe | "{1190CFDC-5B6F-4E95-BE59-A322F2877102}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{11D71078-7E9F-4ED3-9638-1CF06E35D6AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{155F3F36-3BA2-4494-B7BA-8B87E5080608}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | "{1C83475C-EE50-46F9-BCB3-0A1F7DF79E04}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{20028EB4-015E-45BB-9BF4-0FA2400C87E5}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{20BBD371-95E7-4E93-BBEA-767D6FFE584C}" = protocol=6 | dir=in | app=c:\program files\tortoisesvn\bin\tortoisemerge.exe | "{23141A48-3CA1-44E7-80E9-5BC4993C0C06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{25ECBE09-7989-4BB2-8193-A51501144B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2CBE82C0-64CF-4F2F-A673-FDDED33CCB38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2E83C23E-76BE-4CE9-AB0F-360D6CE90E90}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{320C011C-6A3B-41D0-A708-4FA13D1BDC2E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe | "{35B18995-1403-49FE-BA2D-E7180CA1A9EE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{391FE27E-585D-4C73-8A47-7B61C6E892DB}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{41FBF4E3-73E3-43FA-88B6-4B402304C294}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "{470D5D92-1CBD-4A9C-9632-2316E0B65DD4}" = 
protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{4736007D-0A57-4CB6-8362-F00C350213CE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{4C28279A-476B-49A0-B90A-E2972868BA03}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5737C4EB-4A59-4D6B-9622-D9E63E8ECFF2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{5EA465B0-1F37-4EF6-8AD4-470C6AA7C7BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5F729969-C49F-48A4-9793-386678AD269C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{65ECE68D-C836-4729-888B-BA24EF75C71B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7068F218-22AA-4FA1-9929-4DE06A268B33}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{73C75508-F1BD-4A28-BB67-56C57C79A573}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{74FFC42A-EF51-47DF-8389-C273BF8E4BFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7997AC90-4512-4243-B808-6434D2069A2D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{7BBD8740-4B0D-470C-8557-45C0A9FD5057}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7BF2D859-36AA-4EB2-B71E-A471BCEF5539}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{850CBDDC-B319-41D0-828D-5B182D38EBCB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{86895B6B-8554-4599-A773-65C2203FCA47}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{8BC3E084-4FE0-433B-9BAD-F80203755EAD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{9199A04F-CD5E-4C7B-ABFD-60AD8121A547}" = protocol=6 | dir=in | 
app=c:\program files\winamp remote\bin\orbir.exe | "{92EE3A3B-3687-4B40-B33A-5A2DADAD33DF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{947328F7-FAA5-4883-B553-9C5F9C539C25}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{9CBB9180-0E9D-4525-A866-EE50FE02E189}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D595453-CD4A-4CFF-9FFD-136623996ED8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{9D6D07F0-CA6E-4AEA-A967-C88FFCF44CDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9F2031D7-8984-4880-A41E-31F74577C2FC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe | "{A0E8F9DF-F207-452C-AEEF-B47E87FC00E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A27A8F5B-7AD1-47B1-A0DC-5104CD02D51B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{A96BB2BD-409A-42B9-A526-2B3717225E15}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{B5A9E8A1-4646-41C1-919A-CCC1FC15FCEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B71EC2EC-01F7-4431-AFC8-EE692105400E}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{BAFC48D8-B9A5-40D1-BCDD-054CF53FBA60}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{BC18391C-83D5-4341-A6BC-0D558F82D6DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD3B9C58-FAF1-48C1-8014-3B7976859D2B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{BEB8776E-1940-443C-B0CB-5C7603B59201}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{C6812261-0A3C-43C2-8949-9AE5157D671F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{CF8BDA6A-7BB9-45A9-B7AA-35CDDABE4109}" = protocol=17 | dir=in | app=c:\program files\tortoisesvn\bin\tortoiseidiff.exe | "{DB27B800-4B0A-4561-B96E-0C72D8BE679D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{E10EE801-8556-4688-89C8-E9AF74E01C45}" = protocol=6 | dir=out | app=system | "{EAA531A6-822C-4BE1-8FE5-0A2F68EFD7B2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{EBC0B15D-34E3-48D5-85BA-C2CC5BCC3F47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F3ECBA52-9DCC-47F6-A021-9E923C2C2B01}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{F77FC5FD-B5C2-41E4-A50E-2ED7B049F76F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{FB0CBA55-13A8-40B5-8221-598E452745FE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{FEB87D16-C6A7-4EFE-8153-F3D8B302BE6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FEE0B99D-E190-4899-BFBA-3FA1983DFEC2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{FFB2CF94-69EB-4085-9670-6AADA9FD66A6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "TCP Query User{0E8A20DA-BE98-4038-B066-3599DD7F9A21}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "TCP Query User{14F905F2-D76E-4D2E-AE23-E5BD0594CF28}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query 
User{1C9999FC-5A32-4F22-8E4F-81372959A16E}C:\users\christian\desktop\wow-burningcrusade-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\wow-burningcrusade-dede-installer-downloader.exe | "TCP Query User{1F92D8F0-621E-4EFC-B715-BA318EBAD846}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | "TCP Query User{2AACB307-A9F9-4C77-87E6-F02F744146E5}C:\program files\ea games\battlefield 1942\bf1942_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942_w32ded.exe | "TCP Query User{32AD7974-8B4F-4829-BC22-0C876C1F2643}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{3561874C-6A13-4920-A19B-9232FEF42CED}C:\program files\nzbleecher\nntpclient.exe" = protocol=6 | dir=in | app=c:\program files\nzbleecher\nntpclient.exe | "TCP Query User{38F06687-14FB-4A80-B714-16111626ACAB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{3A7B588D-2008-49D3-B916-E471DE7B89F7}C:\users\christian\appdata\local\temp\blizzard launcher temporary - 0a68d738\launcher.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\blizzard launcher temporary - 0a68d738\launcher.exe | "TCP Query User{3B240823-79E6-442E-875E-68941CBFB2F5}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | "TCP Query User{4209E8F0-F5E1-4FA3-BE23-5E5373E2CD11}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "TCP Query User{4651F40D-EE4B-4682-AB97-B9D288D7E62E}C:\users\christian\desktop\wotlk_intro_de.avi-downloader.exe" = protocol=6 | dir=in | 
app=c:\users\christian\desktop\wotlk_intro_de.avi-downloader.exe | "TCP Query User{46CBA6D6-3E17-42FD-8053-F8FCC141BD1A}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe | "TCP Query User{4D862380-4AD1-4349-B661-FC3F2CB22925}C:\users\christian\desktop\empires2.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\empires2.exe | "TCP Query User{51E5D248-03C0-4B21-9215-681BD289FAD1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{551F71CB-E0C5-4EFA-8B79-B09722122F8B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{5EC5C46B-243A-44C5-B552-F1BD00CC6450}C:\users\christian\desktop\neuer ordner\empires2.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\neuer ordner\empires2.exe | "TCP Query User{65AC07D6-1AE1-489D-99B5-27E7DF5C3E77}C:\users\christian\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | "TCP Query User{69E5BA45-D53E-4723-91DD-0A8E2632B97F}C:\users\christian\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe | "TCP Query User{7759253D-4D33-4304-8C21-94C06AE250B9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{8DCF4430-2302-4317-BBDE-B63F6C42710A}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe | "TCP Query User{9004BCFF-D283-4CA9-99BE-34DDA6EB8723}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP 
Query User{9896E141-F95D-4166-A6BD-08C33F6F2521}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{A1DF468B-1241-492B-B5AD-9E07BFDB4A65}C:\users\christian\documents\my games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\christian\documents\my games\world of warcraft\launcher.exe | "TCP Query User{A964974B-C22F-4749-A68F-8A653D4661C9}C:\users\christian\downloads\wotlk-beta-3.0.1-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\wotlk-beta-3.0.1-dede-downloader.exe | "TCP Query User{B70B4633-FA42-4125-B19D-1D3F3E2CDA26}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | "TCP Query User{BB9CA6A2-7C0B-42EF-BAEB-535AE682A100}C:\users\christian\desktop\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\wow-dede-installer-downloader.exe | "TCP Query User{BCB79351-6B99-4817-AB85-ED3F0AD8379B}C:\users\christian\appdata\local\temp\blizzard launcher temporary - 9627bd10\launcher.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\blizzard launcher temporary - 9627bd10\launcher.exe | "TCP Query User{C1248878-6C52-4AC4-A3C6-306487DF9EF3}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{C42B9394-996E-4A4E-965F-0A3CDE16E430}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{CD9B61D9-C7FF-4972-A9CE-585FDE05914F}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe | "TCP Query User{D0C41C46-8B67-4DFA-ADC7-8E48119A98FF}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program 
files\ea games\battlefield 1942\bf1942.exe | "TCP Query User{D3029918-8C89-4280-B038-7A24C0FE5BCF}C:\users\christian\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\onlineupdate8\setupxu.exe | "TCP Query User{D3245998-9A12-46AA-9A4B-9ED347A38FCC}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{DAB6E267-6059-4E81-967F-CC70F8AE1EB7}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | "TCP Query User{DB2AE655-A9FA-46B2-A378-BF70DEE38E6D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{E2066176-0D02-4359-AFD8-E3E25F1E0A6C}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | "TCP Query User{EAA81279-DC9C-4846-AFE9-2EE85E9FA67C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{F7535D4C-E2F3-4189-AFCE-479F1D5D1551}C:\program files\java\jre1.6.0_04\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\java.exe | "TCP Query User{FF4A8A2E-CC01-4A1D-BEDB-033F95F7CB41}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe | "UDP Query User{062EF9FB-4F3C-4830-AF03-A90DC8F93A6C}C:\program files\nzbleecher\nntpclient.exe" = protocol=17 | dir=in | app=c:\program files\nzbleecher\nntpclient.exe | "UDP Query User{08C68655-621E-4C96-81F5-1EDDB80EAEF8}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query 
User{142AE61A-7D1F-40E9-B4C5-C2C01C20FB84}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe | "UDP Query User{24E78905-FA16-4F04-AEFA-6291C0793650}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{38C537D0-1B53-43DB-872A-628FEB3E417A}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | "UDP Query User{48AD264F-A6A6-4448-B819-0EE79B0B9CD7}C:\users\christian\desktop\wotlk_intro_de.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\wotlk_intro_de.avi-downloader.exe | "UDP Query User{4968E351-118B-4EFA-A6E9-A9C561E35917}C:\users\christian\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | "UDP Query User{4CBBDA96-585A-4DC1-8349-77FBECC89204}C:\users\christian\desktop\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\wow-dede-installer-downloader.exe | "UDP Query User{5249B7B2-7B72-4978-AA4D-E8908CBBFD81}C:\users\christian\desktop\empires2.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\empires2.exe | "UDP Query User{5606A033-498E-4D31-86B5-F5520B70CD76}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "UDP Query User{5B98573C-921C-43FB-A144-071D6159DBEB}C:\users\christian\documents\my games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\christian\documents\my games\world of warcraft\launcher.exe | "UDP Query User{5F7E762F-CB7C-4257-A60E-3661600BAA1A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query 
User{60195F22-E76B-4148-BE2D-1CED63CB7092}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe | "UDP Query User{65790663-5CE7-4136-957B-026DC188EA9B}C:\users\christian\appdata\local\temp\blizzard launcher temporary - 0a68d738\launcher.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\blizzard launcher temporary - 0a68d738\launcher.exe | "UDP Query User{677E50B6-80EC-4FEA-97D6-D4CE1AACB555}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{67CB787C-3642-4A4B-930E-D35B145F5B85}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{6AA06B6A-4335-4C6F-80EF-F2DE041B54CB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{6FC0BBC9-3820-4337-ABCC-8FD0709FBC23}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | "UDP Query User{76CB18AE-40B6-4A5F-8EFF-3EAC2D7B561F}C:\users\christian\downloads\wotlk-beta-3.0.1-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\wotlk-beta-3.0.1-dede-downloader.exe | "UDP Query User{77FB87BD-D776-4A48-9B47-4BC917CA32C6}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{80E5D7A6-81AA-44C1-8C2B-5DDA8DE9C14F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{86EFFDB9-67E7-406E-B57D-CF4FA8AAACD8}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | "UDP Query 
User{87FE2C6F-DA48-474B-8966-B2969898DF29}C:\users\christian\desktop\wow-burningcrusade-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\wow-burningcrusade-dede-installer-downloader.exe | "UDP Query User{88B184E1-3B14-454F-B599-7EE9097AB676}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{8B5EF792-7980-45A3-8A9F-BDDC24B9E3F3}C:\users\christian\appdata\local\temp\blizzard launcher temporary - 9627bd10\launcher.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\blizzard launcher temporary - 9627bd10\launcher.exe | "UDP Query User{9076AC2F-660C-4240-9DD0-9AA9D3310E25}C:\users\christian\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\onlineupdate8\setupxu.exe | "UDP Query User{95A02081-F631-41D8-9D5D-9F432050C854}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{9BD23389-3448-4F4A-89B3-FA164AC7D677}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe | "UDP Query User{9FD170E2-AA38-4E47-8CFB-A83D38F38AA6}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | "UDP Query User{A89AB1B2-C529-46E4-AA6C-E60F89384904}C:\users\christian\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe | "UDP Query User{AB333A64-6D37-4C9D-ACC1-D8E3AF0FEB37}C:\program files\ea games\battlefield 1942\bf1942_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942_w32ded.exe | "UDP Query 
User{B19D7606-5D5F-4835-A2B3-B8E4CA4F14E3}C:\program files\java\jre1.6.0_04\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\java.exe | "UDP Query User{B9150A8E-F7F1-427B-B05E-689CF4517CE9}C:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | "UDP Query User{C1F2B522-98A4-41FF-B57E-A0F2AEE21828}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{D8B751AA-2ABB-435A-9CD9-71E7FBF913B3}C:\users\christian\desktop\neuer ordner\empires2.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\neuer ordner\empires2.exe | "UDP Query User{E4C08C9C-C57B-48D7-B507-2E92D566B09C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{E59F7BAE-E564-41F9-B2AF-DDA26A705AB8}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | "UDP Query User{E5DF49D5-EC32-4152-B170-E619382EF18A}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | "UDP Query User{EA4589E9-D862-4F6F-9DEF-83376BA9C83D}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe | "UDP Query User{F6438131-7AD7-4A00-A11C-1BD1C016C114}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft 
.NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office 
PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 2.00 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0 "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download_is1" = Free YouTube Download version 2.10.30 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Intel(R) Configuration Center" = Intel® Viiv™ Software "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "LimeWire" = LimeWire 5.5.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft 
.NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "NVIDIA Drivers" = NVIDIA Drivers "Orb" = Winamp Remote "PokerStars.net" = PokerStars.net "PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0 "QuickPar" = QuickPar 0.9 "RealPlayer 6.0" = RealPlayer "SopCast" = SopCast 3.3.2 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "UnityWebPlayer" = Unity Web Player "Virtualdub 1.4.9" = Virtualdub 1.4.9 "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 0.9.6 "Winamp" = Winamp "WinRAR archiver" = WinRAR "X10Hardware" = X10 Hardware(TM) ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
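The firewall-rule section of the OTL log above is what a helper scans for inbound-allow rules on programs sitting in places an installed product rarely lives. The script below is an added example for this thread, not code from the posts or from OTL: it parses OTL's `"name" = protocol=… | dir=… | app=… |` entries, then flags inbound rules whose application lives under a temp folder, Desktop, Downloads or ProgramData, or whose executable is on a hypothetical watch list of file-sharing clients that appear in this log. The sample rules are copied from the log above; the path heuristics and the watch list are assumptions for illustration, not OTL's own logic. Because it matches rule by rule instead of line by line, it also works on a log that has been flattened onto a few long lines, as the one above has been.

```python
"""Triage the firewall-rule section of an OTL log.

Added example for this thread; not part of OTL or of the original posts.
Parses entries of the form

    "{GUID}" = protocol=6 | dir=in | app=c:\\path\\app.exe |
    "TCP Query User{GUID}C:\\path\\app.exe" = protocol=6 | dir=in | app=c:\\path\\app.exe |

and flags inbound-allow rules whose program lives where an installed
product rarely does. The path heuristics and the P2P watch list are
assumptions for illustration, not OTL's logic.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One rule: a quoted name, '=', then '|'-separated key=value fields up to the
# next quoted name. No newline is required, so a flattened log still parses.
RULE_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<body>[^"]*)')

# Directories where a legitimately installed program rarely lives (assumption).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\desktop\\", "\\downloads\\", "\\programdata\\")
# Hypothetical watch list of file-sharing clients that appear in this log.
P2P_CLIENTS = {"frostwire.exe", "limewire.exe", "sopcast.exe", "nntpclient.exe"}


@dataclass
class FirewallRule:
    name: str
    protocol: Optional[str]
    direction: Optional[str]
    app: Optional[str]
    service: Optional[str]


def parse_rules(text: str) -> List[FirewallRule]:
    """Return every firewall rule found in an OTL firewall-rules dump."""
    rules = []
    for m in RULE_RE.finditer(text):
        fields: Dict[str, str] = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip()] = value.strip()
        rules.append(FirewallRule(
            name=m.group("name"),
            protocol=fields.get("protocol"),
            direction=fields.get("dir"),
            app=fields.get("app"),
            service=fields.get("svc"),
        ))
    return rules


def flag_rules(rules: List[FirewallRule]) -> List[Tuple[str, List[str]]]:
    """Return (app path, reasons) for inbound rules worth a second look."""
    findings = []
    for rule in rules:
        if rule.direction != "in" or not rule.app:
            continue
        app = rule.app.lower()
        exe = app.rsplit("\\", 1)[-1]
        reasons = []
        if any(d in app for d in SUSPICIOUS_DIRS):
            reasons.append("inbound allow for an executable in a user-writable or temp path")
        if exe in P2P_CLIENTS:
            reasons.append("file-sharing client with an inbound allow rule")
        if reasons:
            findings.append((rule.app, reasons))
    return findings


# Constructed sample: six rules copied from the log above.
SAMPLE_OTL = r'''
"{5EA465B0-1F37-4EF6-8AD4-470C6AA7C7BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CBB9180-0E9D-4525-A866-EE50FE02E189}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0E8A20DA-BE98-4038-B066-3599DD7F9A21}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{3A7B588D-2008-49D3-B916-E471DE7B89F7}C:\users\christian\appdata\local\temp\blizzard launcher temporary - 0a68d738\launcher.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\blizzard launcher temporary - 0a68d738\launcher.exe |
"TCP Query User{D3029918-8C89-4280-B038-7A24C0FE5BCF}C:\users\christian\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{88B184E1-3B14-454F-B599-7EE9097AB676}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
'''

if __name__ == "__main__":
    for app, reasons in flag_rules(parse_rules(SAMPLE_OTL)):
        print(app)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the Bonjour rule passes (inbound, but under Program Files and not on the watch list), the svchost rule is skipped as outbound, and the four remaining rules are reported: the two file-sharing clients and the two inbound allows for executables under `AppData\Local\Temp`.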
21.04.2011, 12:49 | #8 |
/// Malware-holic | TR/Kazy.mekml.1 found, critical error
Yep, now I need some time to look through this, one moment. |
21.04.2011, 12:52 | #9 |
/// Malware-holic | TR/Kazy.mekml.1 found, critical error
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust)
:Files
C:\ProgramData\MRtPNAFMRSnT.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Open Computer, open C:, then _OTL; there, right-click on "moved files" and choose "Add to moved files.rar" (or zip). Upload the archive following these instructions: http://www.trojaner-board.de/54791-a...ner-board.html |
21.04.2011, 14:41 | #10 |
| TR/Kazy.mekml.1 found, critical error
Here is the Malwarebytes log file as well *Normal scan*
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6412
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

21.04.2011 15:39:58
mbam-log-2011-04-21 (15-39-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 366692
Time elapsed: 1 hour(s), 20 minute(s), 44 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 4140 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Value: host-domain-lookup.com -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Value: www.host-domain-lookup.com -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (IESearch Start) Good: (Google) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\christian\AppData\Local\Temp\-213E8.tmp (Trojan.Agent) -> No action taken.
c:\Users\christian\AppData\Local\Temp\tmp2FD8.tmp (Trojan.FakeAlert) -> No action taken. |
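A Malwarebytes 1.x log like the one just posted is easiest to read once its detections are grouped and the persistence chain is made explicit: the HKCU Run value and the file it launches are listed in two different sections, and every entry ends in "No action taken", which in this log format means the item was reported, not quarantined. The script below is an added example for this thread, not code from the posts or from Malwarebytes: it parses the section headings (in the English wording and in the German wording MBAM 1.x uses), collects each detection with its family and final action, counts how many were left in place, records the PID of anything found running in memory, and pairs each Run-key value with the detected file of the same basename. The sample log is constructed from lines of the log above.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x log.

Added example for this thread; not part of Malwarebytes or of the
original posts. Groups detections by section, counts those only reported
("No action taken"), records PIDs of detections running in memory, and
links Run-key values to the file detections they launch.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# MBAM 1.x section headings, English and German, mapped to a neutral key.
SECTION_NAMES = {
    "memory processes infected": "memory processes",
    "infizierte speicherprozesse": "memory processes",
    "memory modules infected": "memory modules",
    "infizierte speichermodule": "memory modules",
    "registry keys infected": "registry keys",
    "infizierte registrierungsschlüssel": "registry keys",
    "registry values infected": "registry values",
    "infizierte registrierungswerte": "registry values",
    "registry data items infected": "registry data items",
    "infizierte dateiobjekte der registrierung": "registry data items",
    "folders infected": "folders",
    "infizierte verzeichnisse": "folders",
    "files infected": "files",
    "infizierte dateien": "files",
}

# "<item> (<family>) -> <extra> -> ... -> <action>"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\)(?P<rest>(?: -> .*)?)$")


def parse_mbam(text: str) -> List[dict]:
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A heading is the bare label plus a colon; the summary block at the
        # top uses "label: <count>" and therefore does not match here.
        if line.endswith(":") and line[:-1].lower() in SECTION_NAMES:
            section = SECTION_NAMES[line[:-1].lower()]
            continue
        m = DETECTION_RE.match(line)
        if section is None or m is None:
            continue
        parts = [p.strip() for p in m.group("rest").split("->") if p.strip()]
        detections.append({"section": section, "item": m.group("item"),
                           "family": m.group("family"),
                           "action": parts[-1] if parts else "", "extra": parts[:-1]})
    return detections


def summarize(detections: List[dict]) -> Dict[str, object]:
    families: Dict[str, int] = defaultdict(int)
    for d in detections:
        families[d["family"]] += 1
    return {
        "total": len(detections),
        "families": dict(families),
        "not_removed": sum(1 for d in detections if d["action"].startswith("No action taken")),
        "running_pids": [d["extra"][0] for d in detections
                         if d["section"] == "memory processes" and d["extra"]],
    }


def persistence_chains(detections: List[dict]) -> List[Tuple[str, str]]:
    """Pair each Run-key value with the detected file it names (by basename)."""
    files = {d["item"].rsplit("\\", 1)[-1].lower(): d["item"]
             for d in detections if d["section"] == "files"}
    chains = []
    for d in detections:
        if d["section"] == "registry values" and "\\run\\" in d["item"].lower():
            target = files.get(d["item"].rsplit("\\", 1)[-1].lower() + ".exe")
            if target:
                chains.append((d["item"], target))
    return chains


# Constructed sample built from lines of the log posted above.
SAMPLE_MBAM = r"""
Memory Processes Infected: 1
Files Infected: 3

Memory Processes Infected:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 4140 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Value: host-domain-lookup.com -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (IESearch Start) Good: (Google) -> No action taken.

Files Infected:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\christian\AppData\Local\Temp\-213E8.tmp (Trojan.Agent) -> No action taken.
c:\Users\christian\AppData\Local\Temp\tmp2FD8.tmp (Trojan.FakeAlert) -> No action taken.
"""

if __name__ == "__main__":
    found = parse_mbam(SAMPLE_MBAM)
    print(summarize(found))
    for value, target in persistence_chains(found):
        print("persistence:", value, "->", target)
```

On the sample this reports nine detections, all left in place, one of them running as PID 4140, and one persistence chain from the HKCU Run value `MRtPNAFMRSnT` to `c:\programdata\mrtpnafmrsnt.exe`, which is the same pair the OTL fix script in post #9 removes.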
21.04.2011, 14:42 | #11 |
/// Malware-holic | TR/Kazy.mekml.1 found, critical error
Why do I write instructions if you then go and do something else anyway? |
21.04.2011, 15:00 | #12 |
| TR/Kazy.mekml.1 found, critical error
Sorry. Here is the text document after the restart:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MRtPNAFMRSnT deleted successfully.
C:\ProgramData\MRtPNAFMRSnT.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\MRtPNAFMRSnT.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
User: Christian
->Flash cache emptied: 5699258 bytes
User: Default
User: Default User
User: IUSR_NMPR
User: Mcx1
User: Mcx2
User: Public
Total Flash Files Cleaned = 5,00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 163842 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Christian
->Temp folder emptied: 925740941 bytes
->Temporary Internet Files folder emptied: 463019196 bytes
->Java cache emptied: 701394 bytes
->FireFox cache emptied: 65461033 bytes
->Google Chrome cache emptied: 6575475 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: IUSR_NMPR
->Temp folder emptied: 1268 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8053082 bytes
User: Mcx2
->Temp folder emptied: 1536 bytes
->Temporary Internet Files folder emptied: 6033618 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 48 bytes
%systemroot%\System32 .tmp files removed: 1858560 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 216003155 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.615,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_155346
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
21.04.2011, 15:09 | #13 |
/// Malware-holic | TR/Kazy.mekml.1 found, critical error 1. use unhide. A guide and tutorial on using ComboFix |
21.04.2011, 15:12 | #14 |
| TR/Kazy.mekml.1 found, critical error ok. "File: MovedFiles.rar_1 received. Operation completed successfully." I've uploaded it. |
21.04.2011, 15:53 | #15 |
| TR/Kazy.mekml.1 found, critical error The log from ComboFix. ComboFix logfile: Code:

ComboFix 11-04-20.04 - Christian 21.04.2011 16:36:27.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.2169 [GMT 2:00]
Run from:: c:\users\Christian\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\BitDownload
c:\programdata\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload.lnk
c:\users\Christian\AppData\Roaming\.#
c:\users\Christian\AppData\Roaming\.#\MBX@12EC@1EF2930.###
c:\users\Christian\AppData\Roaming\.#\MBX@12EC@1EF2960.###
c:\users\Christian\AppData\Roaming\.#\MBX@12EC@1EF2990.###
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Copy from - Kitty had a snack :p was restored
.
((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 ))))))))))))))))))))))))))))))
.
.
2011-04-21 14:43 . 2011-04-21 14:43 -------- d-----w- c:\users\Christian\AppData\Local\temp
2011-04-21 14:43 . 2011-04-21 14:43 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-04-21 13:53 . 2011-04-21 14:01 -------- d-----w- C:\_OTL
2011-04-21 10:21 . 2011-04-21 10:21 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes
2011-04-21 10:21 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 10:21 . 2011-04-21 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 20:46 . 2011-03-31 20:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-27 20:52 . 2011-03-27 20:52 -------- d-----w- c:\users\Mcx1\AppData\Roaming\DivX
2011-03-26 15:44 . 2011-03-26 15:44 -------- d-----w- c:\users\Christian\AppData\Local\DDMSettings
2011-03-23 08:49 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 08:49 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 08:49 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 13:15 . 2009-07-05 11:39 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2009-10-03 08:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"more rule"="c:\programdata\Ace Title Title.8rgimy" [X]
"MODE FREE BIRD SURF"="c:\programdata\Mapi Cdrom 4.lla21j" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-29 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-29 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-29 88608]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-06 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-01-07 20:02 495616 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 135664]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-06 135336]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-02-20 5632]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the "Scheduled Tasks" folder
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 22:07]
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/facesmooch3/{E717273C-D544-4F20-882C-AABED45901C1}
mStart Page = hxxp://www.bigseekpro.com/facesmooch3/{E717273C-D544-4F20-882C-AABED45901C1}
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - one of the largest German shopping websites
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\9dj3vsow.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
pref(dom.disable_open_during_load, true);
.
- - - - Orphaned Registry Entries Removed - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-21 16:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-660221535-240903297-86428604-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d9,63,f8,30,a7,cc,a4,8a,11,81,24,ee,bb,9f,85,60,d8,19,c3,39,7a,0d,03,dd,f1,c0,4c,2b,60,83,4f,35,05,ca,27,1f,73,86,d3,ab,69,e8,2f,23,4f,c6,74,cd,\
"??"=hex:4e,57,b4,a2,73,1f,f2,69,e1,d0,2f,fa,95,c0,81,e5
.
Completion time: 2011-04-21 16:51:49
ComboFix-quarantined-files.txt 2011-04-21 14:51
.
Before scan: 12 directory(ies), 313.213.460.480 bytes free
After scan: 14 directory(ies), 313.108.140.032 bytes free
.
- - End Of File - - 128B2805E60F5B87909C0B57B0E96350 |