Log analysis and evaluation: 'TR/Kazy.21048.8' ; Trojan.FakeAlert
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.04.2011, 09:49 | #1 |
'TR/Kazy.21048.8' ; Trojan.FakeAlert

Hi everyone, I could use your help... Until now I've had very few problems with viruses, but last night Avira suddenly started barking, and I've been a bit nervous ever since, especially since I downloaded Malwarebytes and it found more things as well. It would be great if someone could take a look to assess the danger. I've read the rules and am trying to post everything as well as I can; let me know if you need anything else! Thanks in advance!

OTL logfile created on: 28.04.2011 10:31:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 146,39 Gb Free Space | 50,92% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1,90 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: FAT
Computer Name: PC1 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.28 10:16:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2011.04.19 18:03:25 | 001,190,680 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.04.19 18:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.03.24 11:22:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.08.30 15:49:30 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe PRC - [2010.08.30 15:48:28 | 000,065,536 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe PRC - [2010.08.30 15:47:14 | 000,823,296 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.04.05 12:55:01 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.03.02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) 
-- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe PRC - [2009.11.09 20:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe PRC - [2009.08.08 19:33:36 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.13 13:24:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.26 21:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe PRC - [2008.09.24 19:08:26 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2008.09.24 19:08:26 | 000,116,096 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Programme\SMINST\BLService.exe PRC - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe PRC - [2008.09.11 13:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) 
-- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe ========== Modules (SafeList) ========== MOD - [2011.04.28 10:16:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security) SRV - [2011.04.19 18:03:17 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010.04.05 12:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2009.11.09 20:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV - [2009.08.08 19:33:36 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.13 13:24:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC 
Suite\SupServ.exe -- (OMSI download service) SRV - [2008.09.24 19:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS) SRV - [2008.09.24 19:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS) SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV) SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.02.17 17:38:52 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010.07.10 00:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.22 00:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.12.07 18:56:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto 
| Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.26 09:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV - [2009.06.13 13:24:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.04 10:06:57 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.09.11 13:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "www.n-tv.de" FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - 
prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 11:22:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.17 18:46:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.07 21:09:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.10 11:46:39 | 000,000,000 | ---D | M] [2010.05.19 20:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.05.19 20:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.27 19:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions [2010.05.26 18:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.28 16:35:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.02.27 13:05:27 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2011.02.27 13:05:27 | 000,000,000 | ---D | M] (Download Statusbar) -- 
C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.02.27 13:05:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.02.08 07:36:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011.02.27 13:05:22 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2010.08.28 15:36:37 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\vvd19cyu.default\extensions\firefox@tvunetworks.com [2009.11.30 18:38:22 | 000,000,873 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vvd19cyu.default\searchplugins\conduit.xml [2011.02.06 16:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.28 16:59:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.14 10:27:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.12.28 16:59:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2009.08.30 16:02:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.08 12:06:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.05.14 10:27:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll [2011.03.07 18:03:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.07 18:03:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.07 18:03:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.07 18:03:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.07 18:03:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.) 
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{213940ee-d386-11de-bdfd-00238b859324}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE 
Shell32.DLL,ShellExec_RunDLL wscript.exe BC04.vbs O33 - MountPoints2\{6ee6426a-0fa0-11df-8fe5-00238b859324}\Shell\AutoRun\command - "" = WDSetup.exe O33 - MountPoints2\{b2660204-61c1-11df-b217-00238b859324}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BC02.vbs O33 - MountPoints2\{c7311c9f-40ca-11df-a7de-00238b859324}\Shell\AutoRun\command - "" = G:\Menu.exe O33 - MountPoints2\{e41b0ae8-8c03-11df-95e0-00238b859324}\Shell - "" = AutoRun O33 - MountPoints2\{e41b0ae8-8c03-11df-95e0-00238b859324}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{f3356cf5-e26f-11df-933c-00238b859324}\Shell - "" = AutoRun O33 - MountPoints2\{f3356cf5-e26f-11df-933c-00238b859324}\Shell\AutoRun\command - "" = F:\SISetup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.28 10:30:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.28 10:30:20 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.04.28 10:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.28 10:16:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\****\Desktop\Erunt-setup.exe [2011.04.28 10:16:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.04.28 10:16:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\TFC.exe [2011.04.28 09:52:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.04.28 09:52:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.28 09:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2011.04.28 09:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.28 09:52:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.28 09:52:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.27 21:11:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\6D2D739030AA723C011CA21EDA2A97F0 [2011.04.27 15:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.27 15:43:12 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.27 15:40:22 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.04.22 12:09:31 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (4) [2011.04.15 20:11:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Sun [2011.04.15 17:16:20 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.15 16:45:03 | 000,000,000 | ---D | C] -- C:\Users\****\mp3 [2011.04.15 12:45:01 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Black Swan - Dvdscr - LD - German - XViD - AOE - Antichrist&Saugiwutz [2011.04.15 12:44:56 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Snatch Schweine und Diamanten (2000) German DL AC3 [2011.04.11 21:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Clarus [2011.04.03 17:25:20 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Audi [2011.03.31 22:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011.03.31 22:12:50 | 000,000,000 | ---D | C] -- C:\Programme\Clarus [2009.08.13 19:14:35 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFAA4.dll ========== Files - Modified Within 30 Days ========== [2011.04.28 10:30:21 | 000,000,714 | ---- | M] () -- C:\Users\****\Desktop\ERUNT.lnk [2011.04.28 10:27:23 | 000,141,277 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.04.28 10:27:09 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update 
(Weekly).job [2011.04.28 10:26:52 | 000,141,277 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.04.28 10:26:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 10:26:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 10:26:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 10:26:06 | 3186,839,552 | -HS- | M] () -- C:\hiberfil.sys [2011.04.28 10:16:48 | 000,301,568 | ---- | M] () -- C:\Users\****\Desktop\g2m3e4r.exe [2011.04.28 10:16:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\TFC.exe [2011.04.28 10:16:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\****\Desktop\Erunt-setup.exe [2011.04.28 10:16:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.04.28 10:16:00 | 000,377,260 | ---- | M] () -- C:\Users\****\Desktop\Load.exe [2011.04.28 09:52:11 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 15:44:11 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.26 16:42:02 | 005,326,225 | ---- | M] () -- C:\Users\****\Michael McDonald I Keep Forgettin' (1982).mp3 [2011.04.26 16:41:31 | 000,010,702 | -HS- | M] () -- C:\Users\****\Folder.jpg [2011.04.26 16:41:31 | 000,010,702 | -HS- | M] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Large.jpg [2011.04.26 16:41:31 | 000,002,688 | -HS- | M] () -- C:\Users\****\AlbumArtSmall.jpg [2011.04.26 16:41:31 | 000,002,688 | -HS- | M] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Small.jpg [2011.04.26 13:15:09 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.04.26 13:15:09 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.04.24 11:49:31 | 000,467,608 | ---- | M] () -- C:\Users\****\Desktop\Ticket 25.04..pdf 
[2011.04.22 16:42:10 | 009,153,966 | ---- | M] () -- C:\Users\****\DJ OzYBoY Michael Mcdonald 'I Keep Forgetting' 2008 Remix.mp3 [2011.04.22 14:45:28 | 004,665,084 | ---- | M] () -- C:\Users\****\Ian Carey feat Snoop Dogg Bobby Anthony Last Night (Official Video HD).mp3 [2011.04.22 14:40:18 | 010,175,876 | ---- | M] () -- C:\Users\****\Basto! Gregory's Theme (Extended Mix) (HD 720p).mp3 [2011.04.22 14:16:32 | 009,645,486 | ---- | M] () -- C:\Users\****\Everything But The Girl Missing (Fedde Le Grand Remix).mp3 [2011.04.22 14:08:40 | 006,379,135 | ---- | M] () -- C:\Users\****\Spencer Hill Yeah Yeah Yeah (Electro Mix) HQ 320kbps.mp3 [2011.04.22 14:05:16 | 006,849,339 | ---- | M] () -- C:\Users\****\Wynter Gordon Dirty Talk (Laidback Luke remix).mp3 [2011.04.20 11:01:15 | 005,944,666 | ---- | M] () -- C:\Users\****\LMFAO Party Rock Anthem Lyrics.mp3 [2011.04.20 10:10:29 | 000,467,630 | ---- | M] () -- C:\Users\****\Desktop\Ticket.pdf [2011.04.19 19:20:06 | 004,255,693 | ---- | M] () -- C:\Users\****\[HD] LMFAO Party Rock Anthem Shuffle (BITCH!).mp3 [2011.04.18 23:41:06 | 004,519,634 | ---- | M] () -- C:\Users\****\Tom Novy feat Lima 'Now or Never (2011)' Official video (HD) Lissat Voltaxx Remix.mp3 [2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2011.04.17 23:55:46 | 000,627,274 | ---- | M] () -- C:\Users\****\Desktop\sepia.png [2011.04.17 19:56:49 | 042,393,006 | ---- | M] () -- C:\Users\****\Electro House 2011 dJ aSSa Disco Club Mix.mp3 [2011.04.17 13:22:14 | 010,748,898 | ---- | M] () -- C:\Users\****\Fedde Le Grand Get This Feeling (House 2008).mp3 [2011.04.17 13:03:50 | 007,957,139 | ---- | M] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave[1].mp3 [2011.04.17 12:53:38 | 007,957,139 | ---- | M] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave.mp3 [2011.04.17 12:03:46 | 010,021,649 | ---- | M] () -- C:\Users\****\Avicii Street Dancer (Original Mix).mp3 [2011.04.17 11:57:02 | 006,124,597 | ---- | M] () -- 
C:\Users\****\Sean Finn No Good (Original Mix 2011).mp3 [2011.04.17 11:46:06 | 009,407,876 | ---- | M] () -- C:\Users\****\DBN ft Jason Caesar All My Life (ORIGINAL MIX).mp3 [2011.04.15 16:29:56 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2011.04.15 14:13:35 | 000,053,248 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.15 13:09:12 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.15 13:09:12 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.15 13:09:12 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.15 13:09:12 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.14 16:11:24 | 000,326,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.13 09:45:45 | 000,279,235 | ---- | M] () -- C:\Users\****\Desktop\P1010794.jpg [2011.04.11 22:19:41 | 000,004,084 | -HS- | M] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Large.jpg [2011.04.11 22:19:38 | 000,001,452 | -HS- | M] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Small.jpg [2011.04.07 16:40:13 | 000,128,502 | ---- | M] () -- C:\Users\****\Desktop\1024_11c102_0204.jpg [2011.04.06 10:02:34 | 000,299,628 | ---- | M] () -- C:\Users\****\06-04-2011 MB Layout.pdf [2011.04.05 00:01:08 | 001,166,539 | ---- | M] () -- C:\Users\****\Desktop\IMG_0459.JPG [2011.03.31 22:12:50 | 000,000,735 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk [2011.03.31 22:12:50 | 000,000,719 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk [2011.03.31 22:12:50 | 000,000,715 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk ========== Files Created - No Company Name ========== [2011.04.28 
10:30:21 | 000,000,714 | ---- | C] () -- C:\Users\****\Desktop\ERUNT.lnk [2011.04.28 10:27:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.04.28 10:16:42 | 000,301,568 | ---- | C] () -- C:\Users\****\Desktop\g2m3e4r.exe [2011.04.28 10:15:57 | 000,377,260 | ---- | C] () -- C:\Users\****\Desktop\Load.exe [2011.04.28 09:52:11 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 15:44:11 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.26 16:41:31 | 000,010,702 | -HS- | C] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Large.jpg [2011.04.26 16:41:31 | 000,002,688 | -HS- | C] () -- C:\Users\****\AlbumArt_{D5823379-C5C1-44E7-A327-C652E0EC7851}_Small.jpg [2011.04.26 13:15:09 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.26 13:15:09 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.04.24 11:49:31 | 000,467,608 | ---- | C] () -- C:\Users\****\Desktop\Ticket 25.04..pdf [2011.04.22 16:41:49 | 009,153,966 | ---- | C] () -- C:\Users\****\DJ OzYBoY Michael Mcdonald 'I Keep Forgetting' 2008 Remix.mp3 [2011.04.22 16:36:01 | 005,326,225 | ---- | C] () -- C:\Users\****\Michael McDonald I Keep Forgettin' (1982).mp3 [2011.04.22 14:45:18 | 004,665,084 | ---- | C] () -- C:\Users\****\Ian Carey feat Snoop Dogg Bobby Anthony Last Night (Official Video HD).mp3 [2011.04.22 14:39:55 | 010,175,876 | ---- | C] () -- C:\Users\****\Basto! 
Gregory's Theme (Extended Mix) (HD 720p).mp3 [2011.04.22 14:16:13 | 009,645,486 | ---- | C] () -- C:\Users\****\Everything But The Girl Missing (Fedde Le Grand Remix).mp3 [2011.04.22 14:08:26 | 006,379,135 | ---- | C] () -- C:\Users\****\Spencer Hill Yeah Yeah Yeah (Electro Mix) HQ 320kbps.mp3 [2011.04.22 14:05:02 | 006,849,339 | ---- | C] () -- C:\Users\****\Wynter Gordon Dirty Talk (Laidback Luke remix).mp3 [2011.04.20 11:01:02 | 005,944,666 | ---- | C] () -- C:\Users\****\LMFAO Party Rock Anthem Lyrics.mp3 [2011.04.20 10:10:29 | 000,467,630 | ---- | C] () -- C:\Users\****\Desktop\Ticket.pdf [2011.04.19 19:19:57 | 004,255,693 | ---- | C] () -- C:\Users\****\[HD] LMFAO Party Rock Anthem Shuffle (BITCH!).mp3 [2011.04.18 23:40:54 | 004,519,634 | ---- | C] () -- C:\Users\****\Tom Novy feat Lima 'Now or Never (2011)' Official video (HD) Lissat Voltaxx Remix.mp3 [2011.04.17 23:55:40 | 000,627,274 | ---- | C] () -- C:\Users\****\Desktop\sepia.png [2011.04.17 23:53:12 | 002,081,667 | ---- | C] () -- C:\Users\****\Desktop\kopie.JPG [2011.04.17 19:55:19 | 042,393,006 | ---- | C] () -- C:\Users\****\Electro House 2011 dJ aSSa Disco Club Mix.mp3 [2011.04.17 13:21:45 | 010,748,898 | ---- | C] () -- C:\Users\****\Fedde Le Grand Get This Feeling (House 2008).mp3 [2011.04.17 13:03:35 | 007,957,139 | ---- | C] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave[1].mp3 [2011.04.17 12:53:22 | 007,957,139 | ---- | C] () -- C:\Users\****\Fedde Le Grand Patric La Funk Autosave.mp3 [2011.04.17 12:03:23 | 010,021,649 | ---- | C] () -- C:\Users\****\Avicii Street Dancer (Original Mix).mp3 [2011.04.17 11:56:47 | 006,124,597 | ---- | C] () -- C:\Users\****\Sean Finn No Good (Original Mix 2011).mp3 [2011.04.17 11:45:44 | 009,407,876 | ---- | C] () -- C:\Users\****\DBN ft Jason Caesar All My Life (ORIGINAL MIX).mp3 [2011.04.15 22:44:10 | 000,525,863 | ---- | C] () -- C:\Users\****\Desktop\Gebel ****hard158 - Kopie.jpg [2011.04.14 22:05:11 | 000,299,628 | ---- | C] () -- 
C:\Users\****\06-04-2011 MB Layout.pdf [2011.04.14 22:04:35 | 000,001,155 | ---- | C] () -- C:\Users\****\Teddybears - Rock´N´Roll Highschool.m3u [2011.04.13 09:45:45 | 000,279,235 | ---- | C] () -- C:\Users\****\Desktop\P1010794.jpg [2011.04.11 22:19:44 | 000,004,084 | -HS- | C] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Large.jpg [2011.04.11 22:19:44 | 000,001,452 | -HS- | C] () -- C:\Users\****\AlbumArt_{D6CCF8DC-ECAD-46C7-B1DF-EB9DB71FEB5A}_Small.jpg [2011.04.07 16:40:10 | 000,128,502 | ---- | C] () -- C:\Users\****\Desktop\1024_11c102_0204.jpg [2011.04.05 00:47:04 | 001,166,539 | ---- | C] () -- C:\Users\****\Desktop\IMG_0459.JPG [2011.03.31 22:12:50 | 000,000,735 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk [2011.03.31 22:12:50 | 000,000,719 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk [2011.03.31 22:12:50 | 000,000,715 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk [2011.03.23 16:41:05 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.02.27 13:51:45 | 000,116,724 | ---- | C] () -- C:\Windows\hpqins01.dat [2011.02.27 13:50:05 | 000,115,498 | ---- | C] () -- C:\Windows\hpqins13.dat [2011.02.17 18:41:18 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.10.28 10:54:54 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE [2010.10.28 10:54:54 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL [2010.10.28 10:54:43 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll [2010.10.28 10:54:39 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll [2010.10.28 10:54:35 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll [2010.10.05 20:18:20 | 000,099,136 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat 
[2010.07.27 00:23:43 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.07.27 00:23:43 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.07.17 19:03:58 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.02.25 14:48:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.02.21 01:33:09 | 001,606,086 | ---- | C] () -- C:\Users\****\AppData\Local\tmpP1010621.0 [2010.02.21 01:33:09 | 000,356,711 | ---- | C] () -- C:\Users\****\AppData\Local\tmpP1010621.JPG [2010.01.31 03:19:30 | 000,000,295 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.11.19 00:52:17 | 000,130,788 | ---- | C] () -- C:\Windows\hpoins15.dat.temp [2009.11.19 00:52:17 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp [2009.11.19 00:48:03 | 000,158,538 | ---- | C] () -- C:\Windows\hpoins15.dat [2009.11.19 00:48:03 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat [2009.08.24 01:13:11 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2009.08.09 22:43:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.09 22:43:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.09 16:25:56 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2009.05.26 13:41:36 | 000,053,248 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.24 22:00:02 | 000,141,277 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.24 20:15:56 | 000,141,277 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.05.24 20:15:53 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2009.04.01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini [2008.10.22 18:04:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.22 18:01:30 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.10.22 18:01:30 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.10.22 
18:01:30 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.10.22 18:01:30 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.10.22 09:56:00 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2008.10.22 09:00:35 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe [2007.08.16 06:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,326,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll ========== LOP Check ========== [2011.04.27 21:11:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\6D2D739030AA723C011CA21EDA2A97F0 [2011.03.23 16:41:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CAD-KAS [2010.07.17 19:04:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2010.09.28 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CBL-Electronics [2011.03.23 20:14:18 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.27 00:16:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Engelmann Media
[2011.04.27 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2011.01.15 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kikin
[2010.10.01 01:50:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2009.08.13 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MyPhoneExplorer
[2009.12.19 13:34:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Octoshape
[2009.07.20 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2010.05.10 17:54:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PDF Writer
[2011.02.28 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Scan2PDF
[2010.05.19 20:27:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2010.09.11 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tropico 3
[2009.12.31 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tropico 3 Demo
[2009.04.30 22:20:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WildTangent
[2009.08.17 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zylom
[2011.04.28 10:27:09 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.04.28 10:24:49 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0

< End of report >

OTL Extras logfile created on: 28.04.2011 10:31:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 146,39 Gb Free Space | 50,92% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,79 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1,90 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: FAT
Computer Name: PC1 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01EA6A0C-8F77-4DC2-92CE-9F05C540F6E3}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher | "{0290A84E-EAD9-44B8-AFA7-A22494A1BBCA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{06305F3C-3E81-4CF8-85A0-C98B3E06948B}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher | "{066BEF52-26AC-4501-BFB7-020FECBD507B}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{147DFF1D-8FDB-43D1-8718-A205158009E6}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher | "{158DC822-6896-4FCF-9561-B6BC0FE9AEC0}" = lport=6981 | protocol=6 | dir=in | name=league of legends launcher | "{1594CF2D-522B-447B-B4A9-62655041B827}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{15A8FF66-4096-4A96-B5F5-7B2639F8D7C9}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher | "{16156348-9ECF-4966-ABEF-63DBB14FFBD6}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher | "{187C6600-2A57-4AA5-B352-53702E840FD9}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | "{1DE1C9F0-DF9A-49A7-917A-D3439A39780D}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher | "{24F3A939-FB0F-4B5B-B74F-AE012B576D4D}" = lport=6936 | protocol=17 | dir=in | name=league of 
legends launcher | "{2994B651-4FC2-40F7-9B9B-D1CFD0F0074B}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher | "{2AE5AD38-7362-4C2E-8DEB-FA3501677E7B}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | "{2CABB6D3-8D05-4E18-8793-C0CD7374BA45}" = lport=2869 | protocol=6 | dir=in | app=system | "{338E9C0C-F250-48BA-922B-9D97EDB39431}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher | "{36D57E29-23BC-4EFA-A075-65F7E943C4C6}" = lport=6931 | protocol=6 | dir=in | name=league of legends launcher | "{425BB00A-E659-4CD6-B586-7BE7221DC976}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{42CFEE47-8829-4A08-920E-BD72A18E4E3F}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher | "{459DF72F-119D-4A40-BF00-C76A7A1A7E84}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher | "{47104189-309D-457A-BDF3-B30E9D935B8B}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | "{486F1C20-1294-4F69-B575-04DF5065413B}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{49361B06-CF70-47C4-9040-B5EBBC2FCA0A}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher | "{4A32B32B-C045-42BA-A49B-CEDF0B811396}" = lport=6974 | protocol=6 | dir=in | name=league of legends launcher | "{4A592E15-DF65-45B8-9FF3-C2064A343789}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher | "{4E4EA0E9-8D1C-4196-8D02-4FC1D0850BA4}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | "{4FE35549-33A9-4266-A4E9-73B95E1FE9D6}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher | "{5845B100-BD7A-4558-A3CF-C1EC55631171}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{5A260DAF-9EEC-4462-AAF1-38AB2ECF1AC3}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher | "{5A8F3050-DB16-4840-BF3A-DCF1950C9705}" = lport=6961 | protocol=17 | dir=in | 
name=league of legends launcher | "{5BED0A46-EFF0-4AC8-8304-2EEFEAC54B88}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | "{5FE8B21F-4C6B-4E43-9487-8AA79E412021}" = lport=6980 | protocol=6 | dir=in | name=league of legends launcher | "{62567C75-1BC6-44A4-B695-5EF1A06D1D4D}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{65CF4D2A-D00F-4ABA-89AE-23EB72D5F6CA}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher | "{683FE2E7-09DE-4F22-9FBF-9287B6B1ED3B}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{6AC75E5A-A428-41B0-A85A-8D15E1CB9ADB}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher | "{6E38F8CE-EF8F-492C-AD4C-FE67CF86AC6F}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | "{70E496A1-73A3-421D-A32F-B7D74D59BF20}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher | "{712A0821-0F3C-4ADC-AFC8-FAF3924B4FB7}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher | "{7627A060-239E-4F97-9723-E28A59B9996E}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher | "{79FBCFA4-7F64-4CBE-BFA1-D06DC07425FE}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{7D4EFAA8-ACA4-45BB-9AE5-2D2F11148EA3}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher | "{8037FD8E-1013-44FE-9CE6-485AEF351C1B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{80E33359-8688-4E7C-B421-04E09A030C9E}" = lport=6948 | protocol=17 | dir=in | name=league of legends launcher | "{82842B7D-B7A8-46A9-8424-89128A225DDA}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{859F2CE9-CF89-40D8-9012-7C51A703DE35}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | "{8E1C9AE7-30EF-4CDF-9293-4EDF77854E0F}" = lport=6974 | protocol=17 | dir=in | name=league of legends launcher | "{999B077E-A353-4118-940E-6A9FA9F39DC9}" = lport=6935 
| protocol=6 | dir=in | name=league of legends launcher | "{9BEBF463-90AE-4C21-9196-648C585064D6}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher | "{9C7F585A-A798-4F6E-B62C-02291ECBEB04}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher | "{A0C59532-D02B-4183-A706-86EB0C2B486B}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher | "{A12E248F-5195-43C8-B0F2-E235019566A1}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher | "{ADBFB2C3-2B25-416D-973F-DF098B5A7650}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher | "{AF78FEB1-D472-4E66-A177-0396262B462B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{B59A5C35-3265-482D-94C0-05F884C4D084}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher | "{B7A859F5-8F02-43F9-8AAF-C3B11E80AA48}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher | "{BB2907BF-3AC0-42F8-9598-BF4C73AE922A}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher | "{BB412C25-D5B3-41D2-B611-A5AB890168B0}" = lport=6931 | protocol=17 | dir=in | name=league of legends launcher | "{BB7F826E-939A-450D-8546-C69D5AA978C6}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | "{C0A0DD3F-CEBD-46ED-BC90-6EA38D2C890B}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | "{C3B71E23-8B8B-47F5-89E6-152DD9513892}" = lport=6948 | protocol=6 | dir=in | name=league of legends launcher | "{C4CF0C65-0D42-4DC8-8886-BB426969FBE7}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | "{C9CC7E29-2CC7-4D7E-8588-5D30A1E97A7A}" = lport=6980 | protocol=17 | dir=in | name=league of legends launcher | "{C9FE7B2F-AF8E-4CA1-8E2A-D43F22F7B8BE}" = lport=6981 | protocol=17 | dir=in | name=league of legends launcher | "{CD683B90-B91A-493F-9C5B-90ABC8D216BC}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{D50C57FE-6EB8-4BEF-87F9-A88190E5D732}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{D87C1B53-B2DA-4CE7-9674-943640812F6F}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher | "{DCB40090-2098-41A5-89A2-FA9ACB6D9460}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{DDD97D65-9FAD-444C-B2A4-705BCEC8A687}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher | "{E313DA70-CB32-43CD-852A-8C399ED2512F}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{E49B8905-A615-48DB-8CCA-6187B2FB8CE7}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher | "{E84F7758-AEA3-4BC7-AB30-EF77A3A40E6E}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher | "{EB6321B0-4150-4083-AF69-78195061DF1F}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher | "{EBE3EF0C-106C-459C-8FB0-59E515B94E4F}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{F5B5CDDE-19C5-4330-A1F8-4C9F16CBCCF1}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher | "{F69E98EA-13A7-4BB6-BB85-58EC5D635201}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{F799BEA7-32FA-4DF6-8436-5B1B70F07688}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher | "{F9EC5AA4-69D2-42DD-9D37-1B088620BEE8}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035B5197-0529-44E0-A488-F220C71FD59F}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{0520EF8F-08F8-4C5B-9FFC-D52449BAD81C}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{06ED1C61-AE98-4B54-AC12-7842B95222E8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0F77FB82-40D7-4BDB-B6E2-43D014004021}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{119F7710-D87C-4B69-8465-2107F57B8F3F}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{187871B1-3D8C-4E85-845F-7079106FD0E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{191E3BE2-65A9-48C1-B0DF-546C12E8497D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{1A353CD8-D21C-4569-948B-2FD7B2B0CB8C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{233CE956-7779-4C56-A0BC-F985ECB580F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2E81E665-1F7B-4085-888C-23B312F4BC51}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{34056837-DDF8-4B85-B8E6-E283A6791E5E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{3C6F2331-CCC1-474F-A70C-3AA047840B20}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | "{3D74314E-D6AA-42C8-82AD-1742D997E825}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3EBC55ED-478C-42DB-AD75-962AC1C7A8C9}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{3F67981E-8920-4007-AF2B-1C8BBB33DFC9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | "{41D31857-5569-4B5F-AEE1-61A2A17A3E85}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{472A45A2-1DE2-42D1-B4FD-E92C0BE64968}" = protocol=17 | dir=in | app=c:\program files\dvdvideosoft\free youtube to mp3 converter\freeyoutubetomp3converter.exe | "{500222B4-0E11-4693-BAC5-E4A8AD58E4C4}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{53E9F427-B609-4CCD-8200-1C8A7A08CD5F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{574504CE-99C9-4353-8B01-4AD87BE13B44}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe | "{57B47F81-2BDA-414B-93F9-F5974C1F7D28}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{63D8ECFC-ECF8-4A1D-BBDB-7B1CF4645A32}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{6933001C-5BDA-466F-ABA6-AB3224766B85}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{7052CD23-DF6B-4D7A-9E57-FED924A820D0}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{77AF7E36-80F3-4CFD-A7BA-50808AE5B0F2}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | "{801D648D-7E63-4EDC-B456-6F1639CC86CA}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe | "{805C3874-9BBC-4E5C-ABC4-B768ADA506AE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{8260068A-B031-48CE-8397-F6ABA0539E01}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{85C902B5-3794-4C4F-A74B-74B95DAC8947}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | "{8E412962-4283-4DBF-B275-9DC3D699633B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{8F703E05-7E05-4770-A788-2427DFDEB1E2}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe | "{99716EDF-2DD0-45D0-894D-8CAC19221A58}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{A1599A21-468D-42A9-A0FB-14083B8D8975}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{A8ED865B-9A1E-4FEC-8769-53F6D8616A90}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{A9CCFF44-4AEA-4EF3-8DCF-A70F5AF5DCCE}" = dir=in | app=c:\program files\itunes\itunes.exe | "{A9EDC33A-C9CE-4B82-9658-A444CA20A020}" = protocol=6 | dir=in | app=c:\program files\dvdvideosoft\free youtube to mp3 
converter\freeyoutubetomp3converter.exe | "{B0232660-3E05-4D06-97AA-8FF7D06228FE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{B37DE712-1D13-450E-A265-91B480FECFF7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{B41629D8-9D3C-4CB1-AFD9-EFF2B8209897}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe | "{B62ADAED-8A84-4F06-80B8-073A9F31F51B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | "{B6A025A8-987F-4A99-8229-3E4CDF071C53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B81AEC66-8D3C-4769-9D68-58D410A49245}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C58F1D9E-E1EF-4AA4-96DA-CD30ADE16923}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{C8B522AF-C7C0-4A9D-955A-19627F79E3A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CCEF7FDE-5EF4-4D95-A8BD-ADB12472BE6E}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{CD856469-EDE3-4ABC-BED8-9E93DD2B2DF0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CE32913E-8D74-436E-91A3-010765B7C2EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D1DF5523-5DC0-45A3-9CD7-4086E40D2355}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{F6302297-E22B-48A3-A929-EB21BA5C3886}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F8256AE2-6A76-4B78-AEC3-6AA287CD887F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F9FFC5AC-5218-49D6-8DCD-7AB377218D06}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "TCP Query User{0BFFD20F-4F7E-41EF-8773-A070E188ADA3}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{117326D9-738C-474E-A7FE-A3C0C4045DAD}C:\users\****\desktop\desktop\age of 
empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1\age2_x1.exe | "TCP Query User{200E2792-B665-41A5-8617-68256EC59C6C}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe | "TCP Query User{209C431E-880B-4021-A21B-0AF530B89AB8}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{229C82EE-2EF0-457F-A04E-4D7B13C6AA76}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{2C1A33E9-0922-4AC3-9335-23A7E16A7117}C:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe | "TCP Query User{3B3177ED-335C-4354-929A-101C325DBE47}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{3E5F9CD9-FF19-4C23-B76F-47056CB44241}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | "TCP Query User{4110B5F1-18FD-43F7-8D64-E41124513D8F}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{436DE9C0-C47F-4DDF-A6ED-CE2184DC3166}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{48D26F94-6196-4661-B9A2-F961D354B27D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{4C472860-53C0-40AD-88BC-AC437EC9F06D}C:\program files\uusee\uuseeplayer.exe" = 
protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "TCP Query User{53747722-6CF7-4F53-88CF-94AC7DA35E30}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{61B694AE-F318-43BF-99C8-2AE428D7A7F7}C:\users\****\desktop\age of empires 2\age2_x1.0.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0.exe | "TCP Query User{6665AC2D-96CE-4BCA-9A5F-5466F00C689C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{81171D8B-4DD2-42B7-801D-624DBDF2FD10}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{8B8B6925-D9EC-4884-8D0F-9C6E83C94E7E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{978BB9B7-9AAF-4529-A66C-834E47D0A1F5}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | "TCP Query User{A25A28E7-9C04-49B1-A104-D22D4E980AF8}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe | "TCP Query User{AF74104A-C0B2-410D-9B51-3FF874F694A6}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "TCP Query User{B8E34403-7A68-4304-8A91-E58635C77C47}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{BAEC43AC-0BBA-43AE-A811-03FF5B36F48A}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | "TCP Query User{C2B512B8-C6E3-4FE0-8B86-84EA804ACFF3}C:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe | "TCP Query 
User{CEB76C1F-DCCF-4CCE-89D5-6B93243E09C2}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{CF379A59-3A46-4CA0-A386-105D9105AFA4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{D657A5D7-0E3D-4419-8872-2EE604ABA6DE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{E0258587-A40B-4F85-B29D-C1BEC852FE50}C:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe | "TCP Query User{F5A2B30C-8D5F-433E-BB2B-76F41B89DF1A}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe | "TCP Query User{FAD04276-1336-42FA-8C26-05562ECE30F9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{FDA91158-EB24-4BB4-B093-C6C011E38737}C:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe | "UDP Query User{00B25CE3-656A-48A6-B0F4-ADECECE8AF73}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{0DC20F6A-03C1-4B94-8A21-33BCEED762CB}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{19731CA1-7FB7-48A3-8614-747017556FF6}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe | "UDP Query User{1C92B562-A66E-4209-A93C-A26AA1109694}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{1E4791FA-3576-4017-AA9C-23CA919C85E2}C:\program 
files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{2D49BC0C-789E-4A6A-B9C4-46F6C117D075}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{2F3C000A-DD90-4327-A01A-70F05ED97B27}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{3154C173-B403-4F44-AE3D-D81E1874DEB5}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{372FF715-9759-4406-847A-8D3F6E20CA26}C:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0+nostartup.exe | "UDP Query User{4CD92AA3-F81A-4328-84E9-9CA9242DE04A}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe | "UDP Query User{4F8E309F-33EB-444B-BE03-D4C279C96630}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{522964FB-496E-4AEB-8993-B75EC1940959}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | "UDP Query User{5AA61F34-DC4F-47C5-95BE-49D2E3F9F06A}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "UDP Query User{5AADFA40-9E45-484C-B39C-BD5AB4511BF3}C:\users\****\desktop\age of empires 2\age2_x1.0.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0.exe | "UDP Query User{642A9747-CC2C-4441-93B4-7278E7378A86}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query 
User{8171405E-BCCC-4962-AD00-892B93EBB444}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{862A6B72-B60D-4388-8A8C-483A7DB22A95}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{A615538D-A7D4-4F95-8D6C-B1E410777595}C:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1\age2_x1.exe | "UDP Query User{A67D1D06-BACF-4E14-B0DB-9F5ABAD77A82}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A9AD4958-9FC3-4C5A-A3C0-A2F2243DC529}C:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1.0.exe | "UDP Query User{B13C9B0C-1AEB-49E0-A1F4-80325D3E6C61}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{B7311E9D-D8BD-4BF7-90D8-C357268C8888}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | "UDP Query User{BC040633-A26A-419A-9C62-5E04EEA0C01D}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | "UDP Query User{CA4C3ACE-02ED-4639-AE64-16A6B858E5C5}C:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.0 +nostartup.exe | "UDP Query User{D1684744-EEA5-4696-A18F-F40DD1DB9C10}C:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{D6C9350A-64EB-4F42-84B5-F64D3F1DC6AF}C:\users\****\desktop\desktop\age of empires 2\age2_x1\age2_x1.exe" = 
protocol=17 | dir=in | app=c:\users\****\desktop\desktop\age of empires 2\age2_x1\age2_x1.exe | "UDP Query User{DEA1A84D-8B87-4075-A842-1D77ECF65CE7}C:\users\****\desktop\age of empires 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empires 2\age2_x1.exe | "UDP Query User{E1000B34-0D64-4404-8E30-57FD38711757}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "UDP Query User{EFDA6562-A47C-4C00-8785-9862249CB3E6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{FC51E17A-997C-4876-98A3-78C14097EEE6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{10B6E893-9AD6-4B9C-B91E-605F73063DA3}" = e-mix 5.6.2 Pro Edition "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite 
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.007.00 "{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder 
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.5 "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0 "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0 "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min 
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires" = Microsoft Age of Empires "Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe "Ask Toolbar_is1" = Ask Toolbar "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.0.0.926 "Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "DivX Setup.divx.com" = DivX-Setup "DS-MP3 Source" = DS-MP3 Source 1.30 "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ERUNT_is1" = ERUNT 1.1j "FL Studio 8" = FL Studio 8 "Free YouTube to MP3 Converter_is1" = 
Free YouTube to MP3 Converter version 3.9.34.305 "GooglePinyin2" = 谷歌拼音输入法 2.0 "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "Icy Tower v1.4_is1" = Icy Tower v1.4 "IL Download Manager" = IL Download Manager "Imperialismus" = Imperialismus "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "kikin Plugin (CounterStrike2D Edition)" = kikin Plugin (CounterStrike2D Edition) 1.11 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "MPE" = MyPhoneExplorer "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native 
Instruments Service Center "Native Instruments Traktor" = Native Instruments Traktor "Native Instruments Traktor DJ Studio v3.0.2.098" = Native Instruments Traktor DJ Studio v3.0.2.098 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Panzer General 3D" = Panzer General 3D "Panzerliga PL v2.4 (CD-Version)_is1" = das Panzer3D Update der CD-Version auf v2.4 "Pharao" = Pharao "PoiZone" = PoiZone "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Room Arranger" = Room Arranger (remove only) "Scan2PDF_is1" = Scan2PDF 1.6 "SopCast" = SopCast 3.2.4 "SystemRequirementsLab" = System Requirements Lab "Toxic Biohazard" = Toxic Biohazard "Tropico3" = Tropico 3 1.00 "Tropico3 Demo" = Tropico 3 Demo 1.01 "TVAnts 1.0" = TVAnts 1.0 "UUSEE" = UUSee ÍøÂçµçÊÓ [4.8.307.11] "UUSEE_base" = UUSee ²¥·Å²å¼þ»ù´¡°ü 4.8.306.18 "Veetle TV" = Veetle TV 0.9.18 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.0.3 "WildTangent hp Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Monopoly Deluxe" = Monopoly Deluxe "Move Media Player" = Move Media Player "Octoshape Streaming Services" = Octoshape Streaming Services ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.10.2010 13:40:50 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 177872 Error - 06.10.2010 13:40:51 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.10.2010 13:40:51 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 178886 Error - 06.10.2010 13:40:51 | 
Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 178886 Error - 06.10.2010 13:40:53 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.10.2010 13:40:53 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 179916 Error - 06.10.2010 13:40:53 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 179916 Error - 06.10.2010 13:40:54 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.10.2010 13:40:54 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 181070 Error - 06.10.2010 13:40:54 | Computer Name = PC1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 181070 [ OSession Events ] Error - 08.12.2010 16:58:22 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24588 seconds with 6420 seconds of active time. This session ended with a crash. Error - 09.01.2011 10:55:53 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 278 seconds with 120 seconds of active time. This session ended with a crash. 
Error - 09.01.2011 10:57:21 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.08.2009 13:51:07 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&03E4) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 26.08.2009 13:51:07 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&04E4) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 27.08.2009 14:41:14 | Computer Name = ****-PC | Source = HTTP | ID = 15016 Description = Error - 27.08.2009 14:41:36 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.08.2009 14:41:36 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.08.2009 14:41:36 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.08.2009 14:45:35 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&01E4) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 27.08.2009 14:45:35 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&02E4) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error - 27.08.2009 14:45:36 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&03E4) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 27.08.2009 14:45:36 | Computer Name = ****-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_3603103C&REV_00\4&2bbd3a19&0&04E4) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report > |
28.04.2011, 09:51 | #2 |
| 'TR/Kazy.21048.8' ; Trojan.FakeAlert Here is Malwarebytes as well:
__________________Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6462 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 28.04.2011 10:12:24 mbam-log-2011-04-28 (10-12-24).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 162499 Laufzeit: 17 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\****\AppData\Local\Temp\err.log29035701 (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\****\downloads\uusee_setup_2007.exe (PUP.Uusee) -> Not selected for removal. c:\Users\****\AppData\Roaming\Adobe\plugs\kb29130799.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
30.04.2011, 15:13 | #3 |
/// Malware-holic | 'TR/Kazy.21048.8' ; Trojan.FakeAlert Hi, if you reply to yourself, the post no longer shows up as unanswered, so it may get overlooked, especially with the number of threads this week :-)
Please update Malwarebytes, run a full scan, post the log.
__________________ Edited by markusg (30.04.2011 at 15:18) |
30.04.2011, 17:50 | #4 |
| 'TR/Kazy.21048.8' ; Trojan.FakeAlert Ok sorry, I didn't think of that. Malwarebytes didn't find anything anymore, see below. Is my PC clean now, or should I take further measures? Thanks in any case! Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6478 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 30.04.2011 18:46:06 mbam-log-2011-04-30 (18-46-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Durchsuchte Objekte: 361371 Laufzeit: 2 Stunde(n), 23 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
30.04.2011, 18:05 | #5 |
/// Malware-holic | 'TR/Kazy.21048.8' ; Trojan.FakeAlert Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
30.04.2011, 18:40 | #6 |
| 'TR/Kazy.21048.8' ; Trojan.FakeAlert Ok, here it is. Is Ad-Aware actually useful, or should I get rid of it? Oh, and: there used to always be an AntiVir button at the bottom right of the taskbar, and it is gone after ComboFix... Is my AntiVir no longer active now? Thanks, gbush ComboFix log file: Code:
ATTFilter ComboFix 11-04-29.04 - **** 30.04.2011 19:20:23.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3038.1633 [GMT 2:00] ausgeführt von:: c:\users\****\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\imperialismus\Imperialismus.exe c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe c:\programdata\hpeFAA4.dll c:\programdata\SymUpdate.exe c:\users\****\AppData\Roaming\Adobe\plugs c:\users\****\AppData\Roaming\Adobe\shed c:\users\****\wrar393d.exe c:\windows\system32\AutoRun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-28 bis 2011-04-30 )))))))))))))))))))))))))))))) . . 2011-04-30 17:31 . 2011-04-30 17:31 -------- d-----w- c:\users\****\AppData\Local\temp 2011-04-30 17:31 . 2011-04-30 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-28 08:30 . 2011-04-28 08:30 -------- d-----w- c:\program files\ERUNT 2011-04-28 07:52 . 2011-04-28 07:52 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes 2011-04-28 07:52 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-28 07:52 . 2011-04-28 07:52 -------- d-----w- c:\programdata\Malwarebytes 2011-04-28 07:52 . 
2011-04-28 08:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-28 07:52 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-27 19:11 . 2011-04-27 19:11 -------- d-----w- c:\users\****\AppData\Roaming\6D2D739030AA723C011CA21EDA2A97F0 2011-04-27 13:43 . 2011-04-27 13:43 -------- d-----w- c:\program files\iPod 2011-04-27 13:40 . 2011-04-27 13:40 -------- d-----w- c:\program files\Bonjour 2011-04-27 11:17 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-27 11:17 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-27 11:17 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-15 15:16 . 2011-04-27 13:44 -------- d-----w- c:\program files\iTunes 2011-04-15 14:45 . 2011-04-15 15:11 -------- d-----w- c:\users\****\mp3 2011-04-11 19:05 . 2011-04-11 19:05 -------- d-----w- c:\programdata\Clarus 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-31 20:12 . 2011-03-31 20:12 -------- d-----w- c:\program files\Clarus . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-18 10:23 . 2011-02-17 16:41 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-03-23 14:41 . 2011-03-23 14:41 80896 ----a-w- c:\windows\cadkasdeinst01.exe 2011-03-03 15:40 . 2011-04-27 11:17 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-27 11:17 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-27 11:17 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-27 11:17 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-23 14:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 
2011-03-23 14:29 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 14:29 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-17 15:38 . 2011-02-17 15:38 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-02-02 16:11 . 2009-10-03 11:46 222080 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] 2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Octoshape Streaming Services"="c:\users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-3-31 823296] Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-3-31 65536] Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-3-31 102400] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ GOOGLEPINYIN2.IME . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart] 2008-09-25 17:42 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Pinyin 2 Autoupdater] 2009-08-22 13:44 1009648 ----a-w- c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-06-09 09:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2009-01-08 13:44 70936 ----a-w- c:\users\****\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-08-01 14:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent] 2008-09-24 17:07 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-17 15232] R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program 
files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [2008-06-27 77824] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-13 108289] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 99896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-19 2146496] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-09-23 365904] S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-24 296320] S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-24 116096] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2011-04-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 17:20] . . ------- Zusätzlicher Suchlauf ------- . mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\vvd19cyu.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - www.n-tv.de FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program 
files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension pref(dom.disable_open_during_load, true); . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\DVDVideoSoft\tbDVDV.dll BHO-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\DVDVideoSoft\tbDVDV.dll Toolbar-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\DVDVideoSoft\tbDVDV.dll WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - c:\program files\DVDVideoSoft\tbDVDV.dll HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe MSConfigStartUp-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe MSConfigStartUp-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-04-30 19:31 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-04-30 19:35:08 ComboFix-quarantined-files.txt 2011-04-30 17:34 . Vor Suchlauf: 15 Verzeichnis(se), 162.047.246.336 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 160.506.236.928 Bytes frei . - - End Of File - - 7A6E7ADD7EE0D8745FD085128CDD3D46 Edited by Gbush (30.04.2011 at 18:52) |
30.04.2011, 18:52 | #7 |
/// Malware-holic | 'TR/Kazy.21048.8' ; Trojan.FakeAlert How is the system running? |
30.04.2011, 18:55 | #8 |
| 'TR/Kazy.21048.8' ; Trojan.FakeAlert Runs stable and fairly fast. Just before you replied I had edited my post above: there used to always be an AntiVir icon at the bottom right of the taskbar, and after ComboFix it is gone. Is AntiVir no longer active now?? Thanks! Gbush |
30.04.2011, 19:06 | #9 |
/// Malware-holic | 'TR/Kazy.21048.8' ; Trojan.FakeAlert Is that still the case after a restart? |
30.04.2011, 19:15 | #10 |
| 'TR/Kazy.21048.8' ; Trojan.FakeAlert Yes... Task Manager shows me that "avgnt" is running, and in the msconfig startup list there is a check mark next to "antivir desktop". Otherwise I would just reinstall it, if you have no objection |
30.04.2011, 19:16 | #11 |
/// Malware-holic | 'TR/Kazy.21048.8' ; Trojan.FakeAlert We'll do that in a moment. Download CCleaner slim: Piriform - Builds. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open it. After each program you need, write "necessary". After each one you do not need, "unnecessary". After ones unknown to you, "unknown". Post the list. |
02.05.2011, 14:15 | #12 |
| 'TR/Kazy.21048.8' ; Trojan.FakeAlert Hi, I have now used "unknown" generously whenever I didn't know exactly what something is for.
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 03.03.2009 14,0MB necessary
Ad-Aware Lavasoft 16.02.2011 89,3MB necessary?
Adobe AIR Adobe Systems Inc. 30.09.2010 30,7MB 1.5.2.8900 necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 29.03.2011 10.2.153.1 necessary
Adobe Flash Player ActiveX Adobe Systems Incorporated 03.03.2009 9.0.124.0 unknown
Adobe Reader 9 - Deutsch Adobe Systems Incorporated 21.10.2008 232MB 9.0.0 necessary
Apple Application Support Apple Inc. 26.04.2011 51,0MB 1.5.1 unknown
Apple Mobile Device Support Apple Inc. 15.04.2011 3.4.0.25 necessary
Apple Software Update Apple Inc. 24.08.2009 2.1.1.116 necessary
aTube Catcher DsNET Corp 27.03.2011 35,2MB 2.2.563 necessary
Avira AntiVir Personal - Free Antivirus Avira GmbH 29.04.2011 70,8MB 10.0.0.648 necessary
Bonjour Apple Inc. 27.04.2011 2.0.5.0 unknown
Bullzip PDF Printer 7.0.0.926 Bullzip 07.10.2009 15,5MB necessary
Canon IJ Network Scan Utility 13.11.2010 1,07MB necessary
Canon IJ Network Tool 13.11.2010 2,97MB necessary
Canon Inkjet Printer/Scanner/Fax Extended Survey Program 13.11.2010 1,25MB unknown
Canon MG5200 series Benutzerregistrierung 13.11.2010 1,18MB necessary
Canon MG5200 series MP Drivers 13.11.2010 necessary
CCleaner Piriform 29.04.2011 3,63MB 3.06 necessary
CDBurnerXP CDBurnerXP 16.07.2010 11,8MB 4.3.5.2256 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 13.04.2011 64,0MB 12.0.6425.1000 necessary
CyberLink DVD Suite CyberLink Corp. 21.10.2008 16,6MB 6.0.2126 unnecessary
DivX-Setup DivX, Inc. 03.07.2010 2,07MB 1.0.2.22 unnecessary
DS-MP3 Source 1.30 27.09.2010 0,21MB unknown
e-mix 5.6.2 Pro Edition cbl electronics inc. 27.09.2010 20,5MB 5.6.2 unnecessary
ERUNT 1.1j Lars Hederer 27.04.2011 0,67MB necessary
GPL Ghostscript Lite 8.64 07.10.2009 12,4MB unknown
HP Customer Experience Enhancements Hewlett-Packard 21.10.2008 0,98MB 5.7.0.2664 unknown
HP Help and Support Hewlett-Packard Company 21.10.2008 30,4MB 2.1.0.0 unknown
HP Imaging Device Functions 9.0 HP 26.02.2011 4,23MB 9.0 unknown
HP LaserJet Professional P1100-P1560-P1600 Series 27.10.2010 5,47MB necessary
HP MediaSmart DVD Hewlett-Packard 03.03.2009 48,4MB 2.0.2126 necessary
HP MediaSmart Music/Photo/Video Hewlett-Packard 03.03.2009 130,6MB 2.0.2125 necessary
HP MediaSmart SmartMenu Hewlett-Packard 04.03.2009 2.0.8 unknown
HP MediaSmart TV Hewlett-Packard 03.03.2009 114,5MB 2.0.0924 unnecessary
HP MediaSmart Webcam Hewlett-Packard 03.03.2009 73,4MB 2.0.0926 necessary
HP Photosmart All-In-One Software 9.0 HP 08.05.2010 17,3MB 9.0 unnecessary
HP Photosmart All-In-One Software 9.0 HP 9.0 unnecessary
HP Photosmart Essential 2.01 HP 26.02.2011 4,21MB 2.01 unnecessary
HP Quick Launch Buttons 6.40 H2 Hewlett-Packard 21.10.2008 16,4MB 6.40 H2 unknown
HP Solution Center 9.0 HP 08.05.2010 4,21MB 9.0 unknown
HP Total Care Advisor Hewlett-Packard 21.10.2008 21,7MB 2.4.4941.2798 unknown
HP Update Hewlett-Packard 21.10.2008 3,72MB 4.000.010.008 necessary
HP User Guides 0128 Hewlett-Packard 22.10.2008 1.00.0000 unnecessary
HP Wireless Assistant Hewlett-Packard 22.10.2008 3.00 K2 necessary
HPTCSSetup Hewlett-Packard Company 21.10.2008 1.1.1955.2793 unknown
ICQ7.2 ICQ 08.08.2010 45,6MB 7.2 necessary
Icy Tower v1.4 Free Lunch Design 16.06.2009 4,59MB necessary
IDT Audio IDT 03.03.2009 33,3MB 1.0.6087.0 unknown
iTunes Apple Inc. 27.04.2011 10.2.2.12 necessary
Java(TM) 6 Update 20 Sun Microsystems, Inc. 29.08.2009 95,0MB 6.0.200 necessary (why is this there twice?)
Java(TM) 6 Update 7 Sun Microsystems, Inc. 21.10.2008 171,1MB 1.6.0.70 necessary (why is this there twice?)
JMicron JMB38X Flash Media Controller JMicron Technology Corp. 03.03.2009 3,79MB 1.00.18.07 unknown
kikin Plugin (CounterStrike2D Edition) 1.11 kikin 15.11.2009 0,60MB 1.11 unnecessary
LabelPrint CyberLink Corp. 21.10.2008 241MB 2.5.0919 unnecessary
LightScribe System Software 1.14.17.1 LightScribe 03.03.2009 21,0MB 1.14.17.1 necessary
Malwarebytes' Anti-Malware Malwarebytes Corporation 27.04.2011 4,81MB necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 09.08.2009 37,0MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.08.2009 37,0MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 unknown
Microsoft Age of Empires 24.12.2009 64,4MB necessary
Microsoft Office Home and Student 2007 Microsoft Corporation 06.10.2009 309MB 12.0.6425.1000 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 14.04.2011 8.0.51011 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.07.2009 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 0,58MB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 04.03.2009 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.04.2009 9.0.30729 unknown
Microsoft Works Microsoft Corporation 17.12.2010 378MB 9.7.0621 unnecessary
MobileMe Control Panel Apple Inc. 09.02.2011 12,0MB 3.1.5.0 unnecessary
Move Media Player Move Networks 30.04.2010 necessary
Mozilla Firefox (3.6.16) Mozilla 23.03.2011 30,9MB 3.6.16 (de) necessary
Mozilla Thunderbird (3.1.9) Mozilla 06.03.2011 34,5MB 3.1.9 (de) necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.04.2009 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.11.2009 1,34MB 4.20.9876.0 unknown
muvee Reveal muvee Technologies Pte Ltd 03.03.2009 152,9MB 7.0.35.6951 unnecessary
My HP Games WildTangent 03.03.2009 140,6MB 1.0.0.62 unnecessary
MyPhoneExplorer F.J. Wechselberger 12.08.2009 9,31MB 1.7.3 necessary
Native Instruments Controller Editor Native Instruments 27.09.2010 28,0MB necessary
Native Instruments Service Center Native Instruments 27.09.2010 45,6MB necessary
Native Instruments Traktor Native Instruments 27.09.2010 55,3MB necessary
Native Instruments Traktor DJ Studio v3.0.2.098 09.01.2010 43,6MB necessary
NVIDIA Display Control Panel NVIDIA Corporation 15.10.2010 132,5MB 6.14.12.5896 necessary
NVIDIA Drivers NVIDIA Corporation 15.10.2010 1.10.62.40 necessary
NVIDIA PhysX NVIDIA Corporation 15.10.2010 73,8MB 9.10.0224 unknown
Paint.NET v3.5.6 dotPDN LLC 03.12.2010 10,4MB 3.56.0 necessary
Pando Media Booster Pando Networks Inc. 29.09.2010 7,07MB 2.3.4.3 necessary
PDFill PDF Editor with FREE Writer and FREE Tools PlotSoft LLC 22.03.2011 19,8MB 8.0 necessary
Power2Go CyberLink Corp. 21.10.2008 164,0MB 6.0.2119 unknown
PowerDirector CyberLink Corp. 21.10.2008 468MB 7.0.2119 unknown
Protect Disc License Helper 1.0.118 Protect Disc 15.07.2009 0,84MB 1.0.118 unknown
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 15.07.2009 96,00KB 11.0.0.11 unknown
ProtectSmart Hard Drive Protection Hewlett-Packard 04.03.2009 3.10 A7 unknown
QuickTime Apple Inc. 09.02.2011 73,7MB 7.69.80.9 necessary
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 03.03.2009 1,62MB 1.00.0000 necessary
Safari Apple Inc. 26.06.2010 5.33.16.0 unnecessary
Samsung Auto Backup Clarus 30.03.2011 19,4MB 4.1.371.0 necessary
Scan2PDF 1.6 Koma-Code 27.02.2011 2,21MB necessary
SimCity 4 Deluxe 08.08.2009 1.195MB necessary
Skype Toolbars Skype Technologies S.A. 27.12.2010 6,84MB 5.0.4137 unknown
Skype™ 5.0 Skype Technologies S.A. 27.12.2010 21,4MB 5.0.156 necessary
Sony Ericsson PC Suite 6.007.00 Sony Ericsson 12.08.2009 31,4MB 6.007.00 necessary
SopCast 3.2.4 SopCast.com 13.02.2010 9,17MB 3.2.4 necessary
System Requirements Lab 15.10.2010 0,38MB unknown
Toxic Biohazard Image-Line bvba 17.08.2009 9,38MB unknown
Tropico 21.06.2009 1,98MB necessary
Tropico 3 1.00 Kalypso Media 10.04.2010 2.414MB 1.00 necessary
TVAnts 1.0 21.08.2009 5,41MB necessary
Veetle TV 0.9.18 Veetle, Inc 29.01.2011 10,1MB 0.9.18 necessary
VLC media player 1.0.3 VideoLAN Team 08.12.2009 73,1MB 1.0.3 necessary
Windows Media Player Firefox Plugin Microsoft Corp 16.04.2011 0,29MB 1.0.0.8 necessary
Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) ENE 03.03.2009 09/04/2008 2.6.0.0 unknown
WinRAR 16.03.2010 3,79MB necessary |
02.05.2011, 14:33 | #13 |
/// Malware-holic | 'TR/Kazy.21048.8' ; Trojan.FakeAlert
Uninstall: Ad-Aware
Adobe Reader, new version: Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Open Adobe Reader, Edit, Preferences, JavaScript, untick the box there; Internet, likewise untick all boxes. That way PDFs are no longer loaded automatically and no malicious code can be slipped to you this way any more.
Under General, tick "Use only certified plug-ins".
Under Update, set it to install.
Click Apply / OK.
Uninstall: Bonjour, CyberLink, DivX, DS-MP3, e-mix, Java (both)
Java SE Downloads: click Download JRE.
Uninstall: kikin, LabelPrint
Microsoft Office: word processor, Word etc.; if unnecessary, remove it.
Microsoft Works
MobileMe
Mozilla Firefox: click Help, Update, install version 4.
muvee
My HP
Power2Go
PowerDirector
Safari
Skype Toolbars
Skype™: open, update.
Clean up with CCleaner.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.05.2011, 15:01 | #14 |
| 'TR/Kazy.21048.8' ; Trojan.FakeAlert Thanks so far, I'm in the middle of clearing things out. Is this Java "JRE" also available for Vista? Under compatibility I only see Win7, and at first glance I haven't found a JRE for Vista anywhere else on the site either... |