
Log analysis and evaluation: 'TR/Kazy.21048.8' ; Trojan.FakeAlert

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
28.04.2011, 09:49   #1
Gbush
 
'TR/Kazy.21048.8' ; Trojan.FakeAlert



Hi everyone,

I could use your help...

Until now I've always had fairly few problems with viruses, but last night Avira suddenly started barking, and I've been a bit nervous ever since, especially since I loaded Malwarebytes and more things were found there as well.

It would be great if someone could take a look to assess the danger.

I have read through the rules and am trying to post everything as well as I can; let me know if you need anything else!

Thanks a lot in advance!

OTL logfile created on: 28.04.2011 10:31:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 146,39 Gb Free Space | 50,92% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1,90 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: FAT

Computer Name: PC1 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.28 10:16:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2011.04.19 18:03:25 | 001,190,680 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.04.19 18:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.03.24 11:22:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.08.30 15:49:30 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010.08.30 15:48:28 | 000,065,536 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010.08.30 15:47:14 | 000,823,296 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.05 12:55:01 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.03.02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.11.09 20:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009.08.08 19:33:36 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.13 13:24:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.26 21:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.09.24 19:08:26 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008.09.24 19:08:26 | 000,116,096 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008.09.11 13:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2011.04.28 10:16:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011.04.19 18:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.04.05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.11.09 20:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.08.08 19:33:36 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.13 13:24:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.09.24 19:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008.09.24 19:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.02.17 17:38:52 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.07.10 00:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.22 00:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.12.07 18:56:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 09:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009.06.13 13:24:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 10:06:57 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.11 13:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.n-tv.de"
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 11:22:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.17 18:46:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.07 21:09:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.10 11:46:39 | 000,000,000 | ---D | M]

[2010.05.19 20:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.05.19 20:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.27 19:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions
[2010.05.26 18:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.28 16:35:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.27 13:05:27 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.02.27 13:05:27 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.27 13:05:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.02.08 07:36:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.02.27 13:05:22 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.08.28 15:36:37 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\firefox@tvunetworks.com
[2009.11.30 18:38:22 | 000,000,873 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vvd19cyu.default\searchplugins\conduit.xml
[2011.02.06 16:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.28 16:59:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.14 10:27:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.28 16:59:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2009.08.30 16:02:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.08 12:06:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.14 10:27:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2011.03.07 18:03:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 18:03:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.07 18:03:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 18:03:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 18:03:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{213940ee-d386-11de-bdfd-00238b859324}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BC04.vbs
O33 - MountPoints2\{6ee6426a-0fa0-11df-8fe5-00238b859324}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{b2660204-61c1-11df-b217-00238b859324}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BC02.vbs
O33 - MountPoints2\{c7311c9f-40ca-11df-a7de-00238b859324}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{e41b0ae8-8c03-11df-95e0-00238b859324}\Shell - "" = AutoRun
O33 - MountPoints2\{e41b0ae8-8c03-11df-95e0-00238b859324}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f3356cf5-e26f-11df-933c-00238b859324}\Shell - "" = AutoRun
O33 - MountPoints2\{f3356cf5-e26f-11df-933c-00238b859324}\Shell\AutoRun\command - "" = F:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.28 10:30:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.28 10:30:20 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.28 10:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.28 10:16:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\****\Desktop\Erunt-setup.exe
[2011.04.28 10:16:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.28 10:16:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\TFC.exe
[2011.04.28 09:52:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.04.28 09:52:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.28 09:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.28 09:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.28 09:52:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.28 09:52:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.27 21:11:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\6D2D739030AA723C011CA21EDA2A97F0
[2011.04.27 15:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.27 15:43:12 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.27 15:40:22 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.22 12:09:31 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (4)
[2011.04.15 20:11:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Sun
[2011.04.15 17:16:20 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.15 16:45:03 | 000,000,000 | ---D | C] -- C:\Users\****\mp3
[2011.04.15 12:45:01 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Black Swan - Dvdscr - LD - German - XViD - AOE - Antichrist&Saugiwutz
[2011.04.15 12:44:56 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Snatch Schweine und Diamanten (2000) German DL AC3
[2011.04.11 21:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Clarus
[2011.04.03 17:25:20 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Audi
[2011.03.31 22:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.03.31 22:12:50 | 000,000,000 | ---D | C] -- C:\Programme\Clarus
[2009.08.13 19:14:35 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFAA4.dll

========== Files - Modified Within 30 Days ==========

[2011.04.28 10:30:21 | 000,000,714 | ---- | M] () -- C:\Users\****\Desktop\ERUNT.lnk
[2011.04.28 10:27:23 | 000,141,277 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.28 10:27:09 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.04.28 10:26:52 | 000,141,277 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.28 10:26:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 10:26:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 10:26:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 10:26:06 | 3186,839,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 10:16:48 | 000,301,568 | ---- | M] () -- C:\Users\****\Desktop\g2m3e4r.exe
[2011.04.28 10:16:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\TFC.exe
[2011.04.28 10:16:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\****\Desktop\Erunt-setup.exe
[2011.04.28 10:16:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.28 10:16:00 | 000,377,260 | ---- | M] () -- C:\Users\****\Desktop\Load.exe
[2011.04.28 09:52:11 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 15:44:11 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.26 16:42:02 | 005,326,225 | ---- | M] () -- C:\Users\****\Michael McDonald I Keep Forgettin' (1982).mp3
[2011.04.26 16:41:31 | 000,010,702 | -HS- | M] () -- C:\Users\****\Folder.jpg
[2011.04.26 16:41:31 | 000,010,702 | -HS- | M] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Large.jpg
[2011.04.26 16:41:31 | 000,002,688 | -HS- | M] () -- C:\Users\****\AlbumArtSmall.jpg
[2011.04.26 16:41:31 | 000,002,688 | -HS- | M] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Small.jpg
[2011.04.26 13:15:09 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.04.26 13:15:09 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.24 11:49:31 | 000,467,608 | ---- | M] () -- C:\Users\****\Desktop\Ticket 25.04..pdf
[2011.04.22 16:42:10 | 009,153,966 | ---- | M] () -- C:\Users\****\DJ OzYBoY Michael Mcdonald 'I Keep Forgetting' 2008 Remix.mp3
[2011.04.22 14:45:28 | 004,665,084 | ---- | M] () -- C:\Users\****\Ian Carey feat Snoop Dogg Bobby Anthony Last Night (Official Video HD).mp3
[2011.04.22 14:40:18 | 010,175,876 | ---- | M] () -- C:\Users\****\Basto! Gregory's Theme (Extended Mix) (HD 720p).mp3
[2011.04.22 14:16:32 | 009,645,486 | ---- | M] () -- C:\Users\****\Everything But The Girl Missing (Fedde Le Grand Remix).mp3
[2011.04.22 14:08:40 | 006,379,135 | ---- | M] () -- C:\Users\****\Spencer Hill Yeah Yeah Yeah (Electro Mix) HQ 320kbps.mp3
[2011.04.22 14:05:16 | 006,849,339 | ---- | M] () -- C:\Users\****\Wynter Gordon Dirty Talk (Laidback Luke remix).mp3
[2011.04.20 11:01:15 | 005,944,666 | ---- | M] () -- C:\Users\****\LMFAO Party Rock Anthem Lyrics.mp3
[2011.04.20 10:10:29 | 000,467,630 | ---- | M] () -- C:\Users\****\Desktop\Ticket.pdf
[2011.04.19 19:20:06 | 004,255,693 | ---- | M] () -- C:\Users\****\[HD] LMFAO Party Rock Anthem Shuffle (BITCH!).mp3
[2011.04.18 23:41:06 | 004,519,634 | ---- | M] () -- C:\Users\****\Tom Novy feat Lima 'Now or Never (2011)' Official video (HD) Lissat Voltaxx Remix.mp3
[2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.04.17 23:55:46 | 000,627,274 | ---- | M] () -- C:\Users\****\Desktop\sepia.png
[2011.04.17 19:56:49 | 042,393,006 | ---- | M] () -- C:\Users\****\Electro House 2011 dJ aSSa Disco Club Mix.mp3
[2011.04.17 13:22:14 | 010,748,898 | ---- | M] () -- C:\Users\****\Fedde Le Grand Get This Feeling (House 2008).mp3
[2011.04.17 13:03:50 | 007,957,139 | ---- | M] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave[1].mp3
[2011.04.17 12:53:38 | 007,957,139 | ---- | M] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave.mp3
[2011.04.17 12:03:46 | 010,021,649 | ---- | M] () -- C:\Users\****\Avicii Street Dancer (Original Mix).mp3
[2011.04.17 11:57:02 | 006,124,597 | ---- | M] () -- C:\Users\****\Sean Finn No Good (Original Mix 2011).mp3
[2011.04.17 11:46:06 | 009,407,876 | ---- | M] () -- C:\Users\****\DBN ft Jason Caesar All My Life (ORIGINAL MIX).mp3
[2011.04.15 16:29:56 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2011.04.15 14:13:35 | 000,053,248 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 13:09:12 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.15 13:09:12 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.15 13:09:12 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.15 13:09:12 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.14 16:11:24 | 000,326,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 09:45:45 | 000,279,235 | ---- | M] () -- C:\Users\****\Desktop\P1010794.jpg
[2011.04.11 22:19:41 | 000,004,084 | -HS- | M] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Large.jpg
[2011.04.11 22:19:38 | 000,001,452 | -HS- | M] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Small.jpg
[2011.04.07 16:40:13 | 000,128,502 | ---- | M] () -- C:\Users\****\Desktop\1024_11c102_0204.jpg
[2011.04.06 10:02:34 | 000,299,628 | ---- | M] () -- C:\Users\****\06-04-2011 MB Layout.pdf
[2011.04.05 00:01:08 | 001,166,539 | ---- | M] () -- C:\Users\****\Desktop\IMG_0459.JPG
[2011.03.31 22:12:50 | 000,000,735 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
[2011.03.31 22:12:50 | 000,000,719 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
[2011.03.31 22:12:50 | 000,000,715 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk

========== Files Created - No Company Name ==========

[2011.04.28 10:30:21 | 000,000,714 | ---- | C] () -- C:\Users\****\Desktop\ERUNT.lnk
[2011.04.28 10:27:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.04.28 10:16:42 | 000,301,568 | ---- | C] () -- C:\Users\****\Desktop\g2m3e4r.exe
[2011.04.28 10:15:57 | 000,377,260 | ---- | C] () -- C:\Users\****\Desktop\Load.exe
[2011.04.28 09:52:11 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 15:44:11 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.26 16:41:31 | 000,010,702 | -HS- | C] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Large.jpg
[2011.04.26 16:41:31 | 000,002,688 | -HS- | C] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Small.jpg
[2011.04.26 13:15:09 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.26 13:15:09 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.24 11:49:31 | 000,467,608 | ---- | C] () -- C:\Users\****\Desktop\Ticket 25.04..pdf
[2011.04.22 16:41:49 | 009,153,966 | ---- | C] () -- C:\Users\****\DJ OzYBoY Michael Mcdonald 'I Keep Forgetting' 2008 Remix.mp3
[2011.04.22 16:36:01 | 005,326,225 | ---- | C] () -- C:\Users\****\Michael McDonald I Keep Forgettin' (1982).mp3
[2011.04.22 14:45:18 | 004,665,084 | ---- | C] () -- C:\Users\****\Ian Carey feat Snoop Dogg Bobby Anthony Last Night (Official Video HD).mp3
[2011.04.22 14:39:55 | 010,175,876 | ---- | C] () -- C:\Users\****\Basto! Gregory's Theme (Extended Mix) (HD 720p).mp3
[2011.04.22 14:16:13 | 009,645,486 | ---- | C] () -- C:\Users\****\Everything But The Girl Missing (Fedde Le Grand Remix).mp3
[2011.04.22 14:08:26 | 006,379,135 | ---- | C] () -- C:\Users\****\Spencer Hill Yeah Yeah Yeah (Electro Mix) HQ 320kbps.mp3
[2011.04.22 14:05:02 | 006,849,339 | ---- | C] () -- C:\Users\****\Wynter Gordon Dirty Talk (Laidback Luke remix).mp3
[2011.04.20 11:01:02 | 005,944,666 | ---- | C] () -- C:\Users\****\LMFAO Party Rock Anthem Lyrics.mp3
[2011.04.20 10:10:29 | 000,467,630 | ---- | C] () -- C:\Users\****\Desktop\Ticket.pdf
[2011.04.19 19:19:57 | 004,255,693 | ---- | C] () -- C:\Users\****\[HD] LMFAO Party Rock Anthem Shuffle (BITCH!).mp3
[2011.04.18 23:40:54 | 004,519,634 | ---- | C] () -- C:\Users\****\Tom Novy feat Lima 'Now or Never (2011)' Official video (HD) Lissat Voltaxx Remix.mp3
[2011.04.17 23:55:40 | 000,627,274 | ---- | C] () -- C:\Users\****\Desktop\sepia.png
[2011.04.17 23:53:12 | 002,081,667 | ---- | C] () -- C:\Users\****\Desktop\kopie.JPG
[2011.04.17 19:55:19 | 042,393,006 | ---- | C] () -- C:\Users\****\Electro House 2011 dJ aSSa Disco Club Mix.mp3
[2011.04.17 13:21:45 | 010,748,898 | ---- | C] () -- C:\Users\****\Fedde Le Grand Get This Feeling (House 2008).mp3
[2011.04.17 13:03:35 | 007,957,139 | ---- | C] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave[1].mp3
[2011.04.17 12:53:22 | 007,957,139 | ---- | C] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave.mp3
[2011.04.17 12:03:23 | 010,021,649 | ---- | C] () -- C:\Users\****\Avicii Street Dancer (Original Mix).mp3
[2011.04.17 11:56:47 | 006,124,597 | ---- | C] () -- C:\Users\****\Sean Finn No Good (Original Mix 2011).mp3
[2011.04.17 11:45:44 | 009,407,876 | ---- | C] () -- C:\Users\****\DBN ft Jason Caesar All My Life (ORIGINAL MIX).mp3
[2011.04.15 22:44:10 | 000,525,863 | ---- | C] () -- C:\Users\****\Desktop\Gebel ****hard158 - Kopie.jpg
[2011.04.14 22:05:11 | 000,299,628 | ---- | C] () -- C:\Users\****\06-04-2011 MB Layout.pdf
[2011.04.14 22:04:35 | 000,001,155 | ---- | C] () -- C:\Users\****\Teddybears - Rock´N´Roll Highschool.m3u
[2011.04.13 09:45:45 | 000,279,235 | ---- | C] () -- C:\Users\****\Desktop\P1010794.jpg
[2011.04.11 22:19:44 | 000,004,084 | -HS- | C] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Large.jpg
[2011.04.11 22:19:44 | 000,001,452 | -HS- | C] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Small.jpg
[2011.04.07 16:40:10 | 000,128,502 | ---- | C] () -- C:\Users\****\Desktop\1024_11c102_0204.jpg
[2011.04.05 00:47:04 | 001,166,539 | ---- | C] () -- C:\Users\****\Desktop\IMG_0459.JPG
[2011.03.31 22:12:50 | 000,000,735 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
[2011.03.31 22:12:50 | 000,000,719 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
[2011.03.31 22:12:50 | 000,000,715 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
[2011.03.23 16:41:05 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.02.27 13:51:45 | 000,116,724 | ---- | C] () -- C:\Windows\hpqins01.dat
[2011.02.27 13:50:05 | 000,115,498 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011.02.17 18:41:18 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.10.28 10:54:54 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2010.10.28 10:54:54 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2010.10.28 10:54:43 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010.10.28 10:54:39 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2010.10.28 10:54:35 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2010.10.05 20:18:20 | 000,099,136 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.07.27 00:23:43 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.07.27 00:23:43 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.07.17 19:03:58 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.02.25 14:48:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.02.21 01:33:09 | 001,606,086 | ---- | C] () -- C:\Users\****\AppData\Local\tmpP1010621.0
[2010.02.21 01:33:09 | 000,356,711 | ---- | C] () -- C:\Users\****\AppData\Local\tmpP1010621.JPG
[2010.01.31 03:19:30 | 000,000,295 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.11.19 00:52:17 | 000,130,788 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2009.11.19 00:52:17 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp
[2009.11.19 00:48:03 | 000,158,538 | ---- | C] () -- C:\Windows\hpoins15.dat
[2009.11.19 00:48:03 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2009.08.24 01:13:11 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2009.08.09 22:43:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.09 22:43:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.09 16:25:56 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2009.05.26 13:41:36 | 000,053,248 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.24 22:00:02 | 000,141,277 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.24 20:15:56 | 000,141,277 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.24 20:15:53 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2009.04.01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2008.10.22 18:04:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.22 18:01:30 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.10.22 18:01:30 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.10.22 18:01:30 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.10.22 18:01:30 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.10.22 09:56:00 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.10.22 09:00:35 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
[2007.08.16 06:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,326,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll

========== LOP Check ==========

[2011.04.27 21:11:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\6D2D739030AA723C011CA21EDA2A97F0
[2011.03.23 16:41:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CAD-KAS
[2010.07.17 19:04:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2010.09.28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CBL-Electronics
[2011.03.23 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.27 00:16:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Engelmann Media
[2011.04.27 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2011.01.15 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kikin
[2010.10.01 01:50:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2009.08.13 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MyPhoneExplorer
[2009.12.19 13:34:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Octoshape
[2009.07.20 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2010.05.10 17:54:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PDF Writer
[2011.02.28 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Scan2PDF
[2010.05.19 20:27:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2010.09.11 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tropico 3
[2009.12.31 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tropico 3 Demo
[2009.04.30 22:20:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WildTangent
[2009.08.17 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zylom
[2011.04.28 10:27:09 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.04.28 10:24:49 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0

< End of report >

OTL Extras logfile created on: 28.04.2011 10:31:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 146,39 Gb Free Space | 50,92% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1,90 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: FAT

Computer Name: PC1 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EA6A0C-8F77-4DC2-92CE-9F05C540F6E3}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher |
"{0290A84E-EAD9-44B8-AFA7-A22494A1BBCA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{06305F3C-3E81-4CF8-85A0-C98B3E06948B}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher |
"{066BEF52-26AC-4501-BFB7-020FECBD507B}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{147DFF1D-8FDB-43D1-8718-A205158009E6}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher |
"{158DC822-6896-4FCF-9561-B6BC0FE9AEC0}" = lport=6981 | protocol=6 | dir=in | name=league of legends launcher |
"{1594CF2D-522B-447B-B4A9-62655041B827}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{15A8FF66-4096-4A96-B5F5-7B2639F8D7C9}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher |
"{16156348-9ECF-4966-ABEF-63DBB14FFBD6}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{187C6600-2A57-4AA5-B352-53702E840FD9}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |
"{1DE1C9F0-DF9A-49A7-917A-D3439A39780D}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{24F3A939-FB0F-4B5B-B74F-AE012B576D4D}" = lport=6936 | protocol=17 | dir=in | name=league of legends launcher |
"{2994B651-4FC2-40F7-9B9B-D1CFD0F0074B}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher |
"{2AE5AD38-7362-4C2E-8DEB-FA3501677E7B}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{2CABB6D3-8D05-4E18-8793-C0CD7374BA45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{338E9C0C-F250-48BA-922B-9D97EDB39431}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{36D57E29-23BC-4EFA-A075-65F7E943C4C6}" = lport=6931 | protocol=6 | dir=in | name=league of legends launcher |
"{425BB00A-E659-4CD6-B586-7BE7221DC976}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{42CFEE47-8829-4A08-920E-BD72A18E4E3F}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |
"{459DF72F-119D-4A40-BF00-C76A7A1A7E84}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{47104189-309D-457A-BDF3-B30E9D935B8B}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{486F1C20-1294-4F69-B575-04DF5065413B}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{49361B06-CF70-47C4-9040-B5EBBC2FCA0A}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher |
"{4A32B32B-C045-42BA-A49B-CEDF0B811396}" = lport=6974 | protocol=6 | dir=in | name=league of legends launcher |
"{4A592E15-DF65-45B8-9FF3-C2064A343789}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher |
"{4E4EA0E9-8D1C-4196-8D02-4FC1D0850BA4}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher |
"{4FE35549-33A9-4266-A4E9-73B95E1FE9D6}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher |
"{5845B100-BD7A-4558-A3CF-C1EC55631171}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{5A260DAF-9EEC-4462-AAF1-38AB2ECF1AC3}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{5A8F3050-DB16-4840-BF3A-DCF1950C9705}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{5BED0A46-EFF0-4AC8-8304-2EEFEAC54B88}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{5FE8B21F-4C6B-4E43-9487-8AA79E412021}" = lport=6980 | protocol=6 | dir=in | name=league of legends launcher |
"{62567C75-1BC6-44A4-B695-5EF1A06D1D4D}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{65CF4D2A-D00F-4ABA-89AE-23EB72D5F6CA}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
"{683FE2E7-09DE-4F22-9FBF-9287B6B1ED3B}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{6AC75E5A-A428-41B0-A85A-8D15E1CB9ADB}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{6E38F8CE-EF8F-492C-AD4C-FE67CF86AC6F}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher |
"{70E496A1-73A3-421D-A32F-B7D74D59BF20}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher |
"{712A0821-0F3C-4ADC-AFC8-FAF3924B4FB7}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{7627A060-239E-4F97-9723-E28A59B9996E}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher |
"{79FBCFA4-7F64-4CBE-BFA1-D06DC07425FE}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{7D4EFAA8-ACA4-45BB-9AE5-2D2F11148EA3}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
"{8037FD8E-1013-44FE-9CE6-485AEF351C1B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{80E33359-8688-4E7C-B421-04E09A030C9E}" = lport=6948 | protocol=17 | dir=in | name=league of legends launcher |
"{82842B7D-B7A8-46A9-8424-89128A225DDA}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{859F2CE9-CF89-40D8-9012-7C51A703DE35}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher |
"{8E1C9AE7-30EF-4CDF-9293-4EDF77854E0F}" = lport=6974 | protocol=17 | dir=in | name=league of legends launcher |
"{999B077E-A353-4118-940E-6A9FA9F39DC9}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher |
"{9BEBF463-90AE-4C21-9196-648C585064D6}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher |
"{9C7F585A-A798-4F6E-B62C-02291ECBEB04}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher |
"{A0C59532-D02B-4183-A706-86EB0C2B486B}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{A12E248F-5195-43C8-B0F2-E235019566A1}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |
"{ADBFB2C3-2B25-416D-973F-DF098B5A7650}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher |
"{AF78FEB1-D472-4E66-A177-0396262B462B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{B59A5C35-3265-482D-94C0-05F884C4D084}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |
"{B7A859F5-8F02-43F9-8AAF-C3B11E80AA48}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
"{BB2907BF-3AC0-42F8-9598-BF4C73AE922A}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{BB412C25-D5B3-41D2-B611-A5AB890168B0}" = lport=6931 | protocol=17 | dir=in | name=league of legends launcher |
"{BB7F826E-939A-450D-8546-C69D5AA978C6}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
"{C0A0DD3F-CEBD-46ED-BC90-6EA38D2C890B}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |
"{C3B71E23-8B8B-47F5-89E6-152DD9513892}" = lport=6948 | protocol=6 | dir=in | name=league of legends launcher |
"{C4CF0C65-0D42-4DC8-8886-BB426969FBE7}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
"{C9CC7E29-2CC7-4D7E-8588-5D30A1E97A7A}" = lport=6980 | protocol=17 | dir=in | name=league of legends launcher |
"{C9FE7B2F-AF8E-4CA1-8E2A-D43F22F7B8BE}" = lport=6981 | protocol=17 | dir=in | name=league of legends launcher |
"{CD683B90-B91A-493F-9C5B-90ABC8D216BC}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{D50C57FE-6EB8-4BEF-87F9-A88190E5D732}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{D87C1B53-B2DA-4CE7-9674-943640812F6F}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher |
"{DCB40090-2098-41A5-89A2-FA9ACB6D9460}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{DDD97D65-9FAD-444C-B2A4-705BCEC8A687}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher |
"{E313DA70-CB32-43CD-852A-8C399ED2512F}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{E49B8905-A615-48DB-8CCA-6187B2FB8CE7}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |
"{E84F7758-AEA3-4BC7-AB30-EF77A3A40E6E}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{EB6321B0-4150-4083-AF69-78195061DF1F}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
"{EBE3EF0C-106C-459C-8FB0-59E515B94E4F}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{F5B5CDDE-19C5-4330-A1F8-4C9F16CBCCF1}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{F69E98EA-13A7-4BB6-BB85-58EC5D635201}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{F799BEA7-32FA-4DF6-8436-5B1B70F07688}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{F9EC5AA4-69D2-42DD-9D37-1B088620BEE8}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035B5197-0529-44E0-A488-F220C71FD59F}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{0520EF8F-08F8-4C5B-9FFC-D52449BAD81C}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{06ED1C61-AE98-4B54-AC12-7842B95222E8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0F77FB82-40D7-4BDB-B6E2-43D014004021}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{119F7710-D87C-4B69-8465-2107F57B8F3F}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{187871B1-3D8C-4E85-845F-7079106FD0E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{191E3BE2-65A9-48C1-B0DF-546C12E8497D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{1A353CD8-D21C-4569-948B-2FD7B2B0CB8C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{233CE956-7779-4C56-A0BC-F985ECB580F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E81E665-1F7B-4085-888C-23B312F4BC51}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{34056837-DDF8-4B85-B8E6-E283A6791E5E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3C6F2331-CCC1-474F-A70C-3AA047840B20}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{3D74314E-D6AA-42C8-82AD-1742D997E825}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3EBC55ED-478C-42DB-AD75-962AC1C7A8C9}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{3F67981E-8920-4007-AF2B-1C8BBB33DFC9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{41D31857-5569-4B5F-AEE1-61A2A17A3E85}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{472A45A2-1DE2-42D1-B4FD-E92C0BE64968}" = protocol=17 | dir=in | app=c:\program files\dvdvideosoft\free youtube to mp3 converter\freeyoutubetomp3converter.exe |
"{500222B4-0E11-4693-BAC5-E4A8AD58E4C4}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{53E9F427-B609-4CCD-8200-1C8A7A08CD5F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{574504CE-99C9-4353-8B01-4AD87BE13B44}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{57B47F81-2BDA-414B-93F9-F5974C1F7D28}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{63D8ECFC-ECF8-4A1D-BBDB-7B1CF4645A32}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{6933001C-5BDA-466F-ABA6-AB3224766B85}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7052CD23-DF6B-4D7A-9E57-FED924A820D0}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{77AF7E36-80F3-4CFD-A7BA-50808AE5B0F2}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{801D648D-7E63-4EDC-B456-6F1639CC86CA}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{805C3874-9BBC-4E5C-ABC4-B768ADA506AE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{8260068A-B031-48CE-8397-F6ABA0539E01}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{85C902B5-3794-4C4F-A74B-74B95DAC8947}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{8E412962-4283-4DBF-B275-9DC3D699633B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8F703E05-7E05-4770-A788-2427DFDEB1E2}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{99716EDF-2DD0-45D0-894D-8CAC19221A58}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A1599A21-468D-42A9-A0FB-14083B8D8975}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A8ED865B-9A1E-4FEC-8769-53F6D8616A90}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A9CCFF44-4AEA-4EF3-8DCF-A70F5AF5DCCE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A9EDC33A-C9CE-4B82-9658-A444CA20A020}" = protocol=6 | dir=in | app=c:\program files\dvdvideosoft\free youtube to mp3 converter\freeyoutubetomp3converter.exe |
"{B0232660-3E05-4D06-97AA-8FF7D06228FE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B37DE712-1D13-450E-A265-91B480FECFF7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B41629D8-9D3C-4CB1-AFD9-EFF2B8209897}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{B62ADAED-8A84-4F06-80B8-073A9F31F51B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{B6A025A8-987F-4A99-8229-3E4CDF071C53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B81AEC66-8D3C-4769-9D68-58D410A49245}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C58F1D9E-E1EF-4AA4-96DA-CD30ADE16923}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C8B522AF-C7C0-4A9D-955A-19627F79E3A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCEF7FDE-5EF4-4D95-A8BD-ADB12472BE6E}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{CD856469-EDE3-4ABC-BED8-9E93DD2B2DF0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CE32913E-8D74-436E-91A3-010765B7C2EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D1DF5523-5DC0-45A3-9CD7-4086E40D2355}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{F6302297-E22B-48A3-A929-EB21BA5C3886}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F8256AE2-6A76-4B78-AEC3-6AA287CD887F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F9FFC5AC-5218-49D6-8DCD-7AB377218D06}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"TCP Query User{0BFFD20F-4F7E-41EF-8773-A070E188ADA3}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{117326D9-738C-474E-A7FE-A3C0C4045DAD}C:\users\****\desktop\desktop\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1\age2_x1.exe |
"TCP Query User{200E2792-B665-41A5-8617-68256EC59C6C}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe |
"TCP Query User{209C431E-880B-4021-A21B-0AF530B89AB8}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{229C82EE-2EF0-457F-A04E-4D7B13C6AA76}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{2C1A33E9-0922-4AC3-9335-23A7E16A7117}C:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe |
"TCP Query User{3B3177ED-335C-4354-929A-101C325DBE47}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{3E5F9CD9-FF19-4C23-B76F-47056CB44241}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{4110B5F1-18FD-43F7-8D64-E41124513D8F}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{436DE9C0-C47F-4DDF-A6ED-CE2184DC3166}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{48D26F94-6196-4661-B9A2-F961D354B27D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{4C472860-53C0-40AD-88BC-AC437EC9F06D}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"TCP Query User{53747722-6CF7-4F53-88CF-94AC7DA35E30}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{61B694AE-F318-43BF-99C8-2AE428D7A7F7}C:\users\****\desktop\age of empires 2\age2_x1.0.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0.exe |
"TCP Query User{6665AC2D-96CE-4BCA-9A5F-5466F00C689C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{81171D8B-4DD2-42B7-801D-624DBDF2FD10}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{8B8B6925-D9EC-4884-8D0F-9C6E83C94E7E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{978BB9B7-9AAF-4529-A66C-834E47D0A1F5}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{A25A28E7-9C04-49B1-A104-D22D4E980AF8}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe |
"TCP Query User{AF74104A-C0B2-410D-9B51-3FF874F694A6}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"TCP Query User{B8E34403-7A68-4304-8A91-E58635C77C47}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{BAEC43AC-0BBA-43AE-A811-03FF5B36F48A}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe |
"TCP Query User{C2B512B8-C6E3-4FE0-8B86-84EA804ACFF3}C:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe |
"TCP Query User{CEB76C1F-DCCF-4CCE-89D5-6B93243E09C2}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{CF379A59-3A46-4CA0-A386-105D9105AFA4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D657A5D7-0E3D-4419-8872-2EE604ABA6DE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{E0258587-A40B-4F85-B29D-C1BEC852FE50}C:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe |
"TCP Query User{F5A2B30C-8D5F-433E-BB2B-76F41B89DF1A}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe |
"TCP Query User{FAD04276-1336-42FA-8C26-05562ECE30F9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FDA91158-EB24-4BB4-B093-C6C011E38737}C:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{00B25CE3-656A-48A6-B0F4-ADECECE8AF73}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{0DC20F6A-03C1-4B94-8A21-33BCEED762CB}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{19731CA1-7FB7-48A3-8614-747017556FF6}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe |
"UDP Query User{1C92B562-A66E-4209-A93C-A26AA1109694}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1E4791FA-3576-4017-AA9C-23CA919C85E2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{2D49BC0C-789E-4A6A-B9C4-46F6C117D075}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2F3C000A-DD90-4327-A01A-70F05ED97B27}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{3154C173-B403-4F44-AE3D-D81E1874DEB5}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{372FF715-9759-4406-847A-8D3F6E20CA26}C:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe |
"UDP Query User{4CD92AA3-F81A-4328-84E9-9CA9242DE04A}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe |
"UDP Query User{4F8E309F-33EB-444B-BE03-D4C279C96630}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{522964FB-496E-4AEB-8993-B75EC1940959}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{5AA61F34-DC4F-47C5-95BE-49D2E3F9F06A}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"UDP Query User{5AADFA40-9E45-484C-B39C-BD5AB4511BF3}C:\users\****\desktop\age of empires 2\age2_x1.0.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0.exe |
"UDP Query User{642A9747-CC2C-4441-93B4-7278E7378A86}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8171405E-BCCC-4962-AD00-892B93EBB444}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{862A6B72-B60D-4388-8A8C-483A7DB22A95}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{A615538D-A7D4-4F95-8D6C-B1E410777595}C:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{A67D1D06-BACF-4E14-B0DB-9F5ABAD77A82}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A9AD4958-9FC3-4C5A-A3C0-A2F2243DC529}C:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe |
"UDP Query User{B13C9B0C-1AEB-49E0-A1F4-80325D3E6C61}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{B7311E9D-D8BD-4BF7-90D8-C357268C8888}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{BC040633-A26A-419A-9C62-5E04EEA0C01D}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{CA4C3ACE-02ED-4639-AE64-16A6B858E5C5}C:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe |
"UDP Query User{D1684744-EEA5-4696-A18F-F40DD1DB9C10}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{D6C9350A-64EB-4F42-84B5-F64D3F1DC6AF}C:\users\****\desktop\desktop\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{DEA1A84D-8B87-4075-A842-1D77ECF65CE7}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe |
"UDP Query User{E1000B34-0D64-4404-8E30-57FD38711757}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe |
"UDP Query User{EFDA6562-A47C-4C00-8785-9862249CB3E6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{FC51E17A-997C-4876-98A3-78C14097EEE6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10B6E893-9AD6-4B9C-B91E-605F73063DA3}" = e-mix 5.6.2 Pro Edition
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.007.00
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.5
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Ask Toolbar_is1" = Ask Toolbar
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.0.0.926
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"DivX Setup.divx.com" = DivX-Setup
"DS-MP3 Source" = DS-MP3 Source 1.30
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 8" = FL Studio 8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"GooglePinyin2" = 谷歌拼音输入法 2.0
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IL Download Manager" = IL Download Manager
"Imperialismus" = Imperialismus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"kikin Plugin (CounterStrike2D Edition)" = kikin Plugin (CounterStrike2D Edition) 1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MPE" = MyPhoneExplorer
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor DJ Studio v3.0.2.098" = Native Instruments Traktor DJ Studio v3.0.2.098
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Panzer General 3D" = Panzer General 3D
"Panzerliga PL v2.4 (CD-Version)_is1" = das Panzer3D Update der CD-Version auf v2.4
"Pharao" = Pharao
"PoiZone" = PoiZone
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Room Arranger" = Room Arranger (remove only)
"Scan2PDF_is1" = Scan2PDF 1.6
"SopCast" = SopCast 3.2.4
"SystemRequirementsLab" = System Requirements Lab
"Toxic Biohazard" = Toxic Biohazard
"Tropico3" = Tropico 3 1.00
"Tropico3 Demo" = Tropico 3 Demo 1.01
"TVAnts 1.0" = TVAnts 1.0
"UUSEE" = UUSee 网络电视 [4.8.307.11]
"UUSEE_base" = UUSee 播放插件基础包 4.8.306.18
"Veetle TV" = Veetle TV 0.9.18
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Monopoly Deluxe" = Monopoly Deluxe
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.10.2010 13:40:50 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 177872

Error - 06.10.2010 13:40:51 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06.10.2010 13:40:51 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 178886

Error - 06.10.2010 13:40:51 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 178886

Error - 06.10.2010 13:40:53 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06.10.2010 13:40:53 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 179916

Error - 06.10.2010 13:40:53 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 179916

Error - 06.10.2010 13:40:54 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06.10.2010 13:40:54 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 181070

Error - 06.10.2010 13:40:54 | Computer Name = PC1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 181070

[ OSession Events ]
Error - 08.12.2010 16:58:22 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 24588 seconds with 6420 seconds of active time. This session ended with
a crash.

Error - 09.01.2011 10:55:53 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 278
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09.01.2011 10:57:21 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26.08.2009 13:51:07 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&03E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 26.08.2009 13:51:07 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&04E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 27.08.2009 14:41:14 | Computer Name = ****-PC | Source = HTTP | ID = 15016
Description =

Error - 27.08.2009 14:41:36 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27.08.2009 14:41:36 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27.08.2009 14:41:36 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27.08.2009 14:45:35 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&01E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 27.08.2009 14:45:35 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&02E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 27.08.2009 14:45:36 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&03E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 27.08.2009 14:45:36 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&04E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.


< End of report >

 
