System very slow! TR/Spyeye.FA? Windows 7

#6
Hi,

#1: I uninstalled the pdfforge Toolbar via the Control Panel...

#2: I did not find either of the two add-ons in Firefox.

#3 OTL fix:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}\ not found.
C:\Users\Basti\AppData\Roaming\5008\components folder moved successfully.
C:\Users\Basti\AppData\Roaming\5008 folder moved successfully.
Folder C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Folder C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\ not found.
Folder C:\USERS\BASTI\APPDATA\ROAMING\5008\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winjava deleted successfully.
C:\Users\Basti\AppData\Roaming\Catpack\crtpack.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\yJFzBVUcTw\ deleted successfully.
C:\Users\Basti\AppData\Roaming\Catpack folder moved successfully.
C:\Users\Basti\AppData\Roaming\cock folder moved successfully.
C:\Users\Basti\AppData\Roaming\xmldm folder moved successfully.
========== FILES ==========
File\Folder C:\Programme\pdfforge Toolbar not found.
File\Folder C:\program files\bearshare pro not found.
File\Folder C:\program files\bearshare not found.
File\Folder C:\Users\Basti\AppData\Roaming\Catpack not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FA96573-3EC1-45D5-9AED-6F1B18EE189C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FA96573-3EC1-45D5-9AED-6F1B18EE189C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F89FB5FE-C071-4791-BCF1-529B96F28B63} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89FB5FE-C071-4791-BCF1-529B96F28B63}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3DA0A7ED-E665-42C8-9675-511F37741BAB}C:\program files\bearshare\bearshare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{521E81E1-F901-454F-9614-A69D2196A11F}C:\program files\bearshare pro\bearshare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B5EEE2FB-A849-4CF9-A453-8AB7C824DE2D}C:\program files\bearshare\bearshare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F79428AB-7790-4F98-B2FA-6E66E3255C6B}C:\program files\bearshare pro\bearshare.exe deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]

#4 ComboFix:

ComboFix logfile:
Code:
ComboFix 11-05-28.01 - Basti 29.05.2011  16:29:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2047.1300 [GMT 2:00]
ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Basti\AppData\Local\TempDIR
c:\users\Basti\AppData\Local\TempDIR\SecureW2_TTLS_333.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-28 bis 2011-05-29 ))))))))))))))))))))))))))))))
.
.
2011-05-29 14:42 . 2011-05-29 14:42 -------- d-----w- c:\users\Basti\AppData\Local\temp
2011-05-29 14:42 . 2011-05-29 14:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 00:52 . 2011-05-29 00:53 -------- d-----w- c:\program files\ERUNT
2011-05-27 12:51 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9152E55-D3F3-4517-BC40-A62E21F27014}\mpengine.dll
2011-05-26 18:24 . 2011-04-30 13:37 781272 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-05-11 08:10 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 10:17 . 2011-05-10 10:18 -------- d-----w- c:\program files\ICQ7.5
2011-05-09 18:08 . 2011-05-28 08:22 -------- d-----w- c:\program files\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 10:36 . 2011-04-06 10:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 23:15 . 2009-06-24 15:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-28 05:24 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 04:26 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 04:26 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 04:26 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 05:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-28 05:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 05:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 05:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 05:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-28 05:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-15 04:26 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 04:26 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-30 13:37 . 2011-03-27 18:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-27 281768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^meine software.lnk]
path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\meine software.lnk
backup=c:\windows\pss\meine software.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-12-10 14:29 116056 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-11-19 17:15 583016 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
2007-08-01 01:26 675840 ----a-w- c:\progra~1\WinTV\EPG Services\System\EPGClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
2005-02-02 02:00 98304 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIADE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]
2008-09-04 20:21 251184 ----a-w- c:\program files\lg_swupdate\GiljabiStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2007-11-21 12:33 565248 ----a-w- c:\program files\LG Software\System Control Manager\MGSysCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2007-12-30 10:23 1365504 ----a-w- c:\program files\Rainlendar2\Rainlendar2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-12-17 09:02 4718592 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-31 19:15 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2007-10-25 487424]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2007-10-25 15488]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NishService;Evil Driver Daemon;c:\program files\LG Software\System Control Manager\edd.exe [2007-08-23 61440]
R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-03-16 132464]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-11 136360]
S2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2007-11-05 431104]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fb_inet_server.exe [2008-06-13 2707456]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-10 238952]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-07 36608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-29 c:\windows\Tasks\User_Feed_Synchronization-{A6372E64-0662-44BF-826E-B27DF45A00DB}.job
- c:\windows\system32\msfeedssync.exe [2008-06-25 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\0n1gga6f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-JREcSGVrdPtfUH - c:\programdata\JREcSGVrdPtfUH.exe
MSConfigStartUp-RacA_isv - c:\users\Basti\AppData\Local\Temp\cmdkrcpl.dll
AddRemove-FLV Player - c:\program files\FLV Player\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-29 16:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-29  16:48:11
ComboFix-quarantined-files.txt  2011-05-29 14:48
.
Vor Suchlauf: 11 Verzeichnis(se), 10.051.502.080 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 13.145.747.456 Bytes frei
.
- - End Of File - - 6AFEA129BDB12785B1B659FF0D117043

#5: OTL logfiles:

OTL logfile:
Code:
OTL logfile created on: 29.05.2011 16:50:15 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,71% Memory free
4,24 Gb Paging File | 3,35 Gb Available in Paging File | 78,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,05 Gb Total Space | 12,29 Gb Free Space | 8,30% Space Free | Partition Type: NTFS

Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Basti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fb_inet_server.exe (Firebird Project)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Modules (SafeList) ==========

MOD - C:\Users\Basti\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fb_inet_server.exe (Firebird Project)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EPGService) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (NishService) -- C:\Programme\LG Software\System Control Manager\edd.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (o2flash) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe (O2Micro International)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 15:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.06 12:37:03 | 000,000,000 | ---D | M]

[2009.12.25 16:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2009.12.25 16:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.05.26 20:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\0n1gga6f.default\extensions
[2009.06.26 16:29:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\0n1gga6f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.10 20:11:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\0n1gga6f.default\extensions\moveplayer@movenetworks.com
[2011.05.12 10:07:38 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\0n1gga6f.default\searchplugins\icqplugin-1.xml
[2008.07.13 22:18:48 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\0n1gga6f.default\searchplugins\icqplugin.xml
[2011.05.29 02:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.07.03 10:08:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.06 12:37:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2008.06.06 21:38:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008.10.12 21:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011.04.06 12:37:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.30 15:37:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.04.06 12:36:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.26 20:24:52 | 000,002,047 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.05.29 16:42:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1223841640 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.29 16:48:16
| 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.05.29 16:48:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.05.29 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\temp [2011.05.29 16:26:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.05.29 16:26:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.05.29 16:26:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.05.29 16:26:01 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.05.29 16:25:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.05.29 16:25:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2011.05.29 16:23:14 | 004,296,655 | R--- | C] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe [2011.05.29 16:14:12 | 000,000,000 | ---D | C] -- C:\_OTL [2011.05.29 02:55:35 | 000,100,736 | ---- | C] (GMER) -- C:\pgloqpow.sys [2011.05.29 02:53:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.05.29 02:52:40 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.05.29 02:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.05.29 02:51:25 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Basti\Desktop\erunt-setup.exe [2011.05.26 20:30:31 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2011.05.10 12:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011.05.10 12:17:19 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5 [2011.05.09 20:08:07 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan [2011.05.08 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\Neuer Ordner [1 C:\Users\Basti\AppData\Roaming\*.tmp files -> C:\Users\Basti\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.29 16:42:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.05.29 16:23:36 | 004,296,655 | R--- | M] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe [2011.05.29 
16:19:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.29 16:19:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.29 16:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.29 16:19:02 | 2146,820,096 | -HS- | M] () -- C:\hiberfil.sys [2011.05.29 16:17:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.29 14:34:06 | 000,679,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.29 14:34:06 | 000,638,542 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.29 14:34:06 | 000,148,576 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.29 14:34:06 | 000,121,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.29 13:41:58 | 1469,442,048 | ---- | M] () -- C:\Users\Basti\Desktop\TSQG-Megamind.REPACK.avi [2011.05.29 13:14:12 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A6372E64-0662-44BF-826E-B27DF45A00DB}.job [2011.05.29 10:56:27 | 000,302,080 | ---- | M] () -- C:\Users\Basti\Desktop\gb1q2gp1.exe [2011.05.29 02:55:35 | 000,100,736 | ---- | M] (GMER) -- C:\pgloqpow.sys [2011.05.29 02:51:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Basti\Desktop\erunt-setup.exe [2011.05.27 15:19:45 | 000,107,008 | ---- | M] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.26 20:30:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2011.05.09 20:08:08 | 000,000,804 | ---- | M] () -- C:\Users\Basti\Desktop\SpeedFan.lnk [2011.05.09 20:08:07 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [1 C:\Users\Basti\AppData\Roaming\*.tmp files -> C:\Users\Basti\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.29 16:26:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.29 
16:26:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.29 16:26:07 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.29 16:26:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.29 16:26:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.05.29 10:56:26 | 000,302,080 | ---- | C] () -- C:\Users\Basti\Desktop\gb1q2gp1.exe [2011.05.16 16:17:15 | 2146,820,096 | -HS- | C] () -- C:\hiberfil.sys [2011.05.09 20:08:08 | 000,000,804 | ---- | C] () -- C:\Users\Basti\Desktop\SpeedFan.lnk [2011.05.09 20:07:18 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2011.03.15 23:06:00 | 000,000,000 | ---- | C] () -- C:\Users\Basti\AppData\Local\Tempmkwa.$$$ [2010.11.17 19:59:33 | 000,000,035 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\urhtps.dat [2010.04.23 11:03:29 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2010.04.23 11:00:52 | 000,260,464 | ---- | C] () -- C:\Windows\SUPDRun.exe [2010.04.23 11:00:49 | 000,282,624 | ---- | C] () -- C:\Windows\System32\DscPnt.dll [2010.04.23 11:00:49 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll [2010.04.03 12:35:13 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.04.03 12:35:13 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.10.28 13:24:52 | 000,000,093 | ---- | C] () -- C:\Users\Basti\AppData\Local\fusioncache.dat [2009.09.17 16:14:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 16:14:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.03.06 00:50:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2008.11.03 17:52:04 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.09.08 17:05:58 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini [2008.09.08 17:05:55 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI [2008.09.08 17:05:53 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE [2008.09.08 17:05:21 | 000,032,133 | ---- | C] () -- C:\Windows\Irremote.ini [2008.09.08 17:00:52 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2008.09.08 17:00:20 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.09.08 17:00:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2008.09.08 16:59:06 | 000,006,241 | ---- | C] () -- C:\Windows\HCWPNP.INI [2008.04.27 12:08:49 | 000,000,592 | ---- | C] () -- C:\Windows\RDOFFICE.INI [2008.03.01 21:48:34 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.08 11:15:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.02.07 12:38:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.02.07 12:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.02.07 12:12:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.02.01 00:38:55 | 000,107,008 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.31 22:40:51 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2008.01.18 21:31:55 | 000,045,056 | ---- | C] () -- C:\Windows\UncompAVIToWMV2.exe [2007.11.19 08:42:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2007.11.19 08:35:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.11.19 08:30:41 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.11.19 08:30:41 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.11.19 08:09:22 
| 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll [2007.11.19 08:09:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll [2007.11.19 08:09:22 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll [2007.11.19 08:08:46 | 000,008,117 | ---- | C] () -- C:\Windows\lg_up.ini [2007.11.19 08:07:50 | 000,001,010 | ---- | C] () -- C:\Windows\lgcenter.ini [2007.11.19 08:07:30 | 000,000,213 | ---- | C] () -- C:\Windows\lgps.ini [2007.11.19 08:02:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.11.08 17:54:34 | 000,159,146 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.08.29 16:55:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\sw2_ttls_manager.exe [2006.11.02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 17:33:31 | 000,679,420 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,148,576 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,259,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,638,542 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin 
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Basti\Desktop\TSQG-Megamind.REPACK.avi:TOC.WMV < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.05.2011 16:50:15 - Run 3 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Basti\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,71% Memory free 4,24 Gb Paging File | 3,35 Gb Available in Paging File | 78,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,05 Gb Total Space | 12,29 Gb Free Space | 8,30% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{055B9A39-F891-4B06-A3D6-9BB94929B4CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0960E895-D1C3-4EF4-9A69-79E19E518CA7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{0BF3ABDF-C8AA-43C9-8646-69079FE3E8D5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{161AEB01-AFBD-4B6B-825E-899B0691A2D5}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{194B3781-0FA1-4D0D-9B73-E1DD9AE332B2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{22DCEA05-8BE8-4DDD-8BB9-7896CCCEFC7B}" = lport=5678 | protocol=6 | dir=in | 
app=%systemroot%\windowsmobile\wmdhost.exe | "{236E39E3-DBAB-44A7-927F-092BD4AAC7A6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2592A26C-1B33-465F-B699-6C5CEAC76695}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{27B52CFE-9AA1-4388-9D73-EE3752734C5C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{295B2A21-B070-4538-B591-7E615EB842A1}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{38D164A7-AD5A-433B-A391-C0189627B017}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{43B6CA37-46F3-4905-9527-E5E09DBE2AC3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{443872C6-35FD-4E2F-AAD4-2A9FBC0DEE9B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{5E846667-C10E-4219-AB3E-1973F4AB0D53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CA27FFC-DD62-44CB-A970-0ED489611E4B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6E05E8D8-216D-4214-8120-BC4892E0350E}" = lport=2869 | protocol=6 | dir=in | app=system | "{7DD85C0D-DA2A-443B-A1B8-9CC35293B86B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7EC964B9-504C-4DF5-AAFD-DA07694A3F72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8044CA87-A751-449F-9110-9FD72FE8030E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{82A64A30-3CEC-4D51-8280-E0AE2019E610}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{86FB6359-DC0B-43AC-B349-60638C2A7EE8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{88934116-6133-4427-A615-137400B0E2DD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{88FC5EC1-63DA-431E-A61B-B3B36A02BCBA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{932319EA-F1BA-412A-9AE1-83BD49544605}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{96CBCFE5-29DF-48EB-A73F-3C0DB67435C0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B64D0DC8-1739-4620-ABAF-E43508E2B041}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B733B357-4753-4BCA-8430-8E6F30140C2A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B7999653-6185-48F1-8016-959905351AD7}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{CC52DFE9-22B4-4482-88B5-7B6EF50F2400}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6740D77-DC1D-4C87-9B14-1D148C47FC66}" = lport=10243 | protocol=6 | dir=in | app=system | "{DB0432CC-6180-422B-8B24-6FF0C13D1B49}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{DC6C38EA-0501-41A1-B5E7-C35196F9D748}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{E6002F16-3B63-4E18-B5B7-E9C4E902971D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{E9CBADB3-AF2A-42E1-B005-56549F6B2879}" = rport=10243 | protocol=6 | dir=out | app=system | "{F285CBAA-BCDB-42C2-800E-0503BE8BD8A2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F647AF67-9529-4FE5-9387-5DD81925DDCE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{F99AA041-E22E-4A21-A337-E8D4CDEB0720}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F9A8333A-B0DE-4D64-986B-62BEBB6984EB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FDAA04F6-1673-4423-8E52-5456BFD09BFF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01AB058C-F69A-4FCC-90C4-B4BE07A2C93D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0224B06D-85C1-4C7A-9BE6-0F225A86CB88}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{05F2A231-B265-40F5-BB8B-B955D6DFCF3A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0D056AC5-0C89-4D0D-A431-00F7215E5344}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0F42FAA9-ADB7-4606-9F62-B5079C843485}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{10CAF72F-A527-45C2-B480-7405F92A2D62}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1579F43A-B3EB-4529-B125-711E66E1CCAF}" = protocol=6 | dir=out | app=system | "{1BB7A75B-DDC1-4AEA-9FC2-0E0DC8B485E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F4900DA-B92D-458E-B8E4-26F61D28D886}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{25F3C766-E07F-4F74-A609-C064A0CD509C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{2AE1176E-EBBF-4184-A2E9-3F5C79BEAEEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2CEA409B-919F-4691-9A85-EFAC2C320044}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2DE1DD89-C0B3-4EDB-A77C-BDA0B75ED256}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{336F5A05-5197-47BA-AB98-1BBED54E68F9}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{344FD420-7D59-47D0-9DF2-BDF2B25878F3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{35C08D90-6182-4057-9B18-F6E7E28C371B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4478CAE9-1C83-424A-A994-267C9B44196D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{4743BF3D-FF69-475F-A293-E2E4A449A0A1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5584CE0A-7E97-409B-AD62-7F716FBFAE4D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{6679BDB7-E025-4026-9A86-9B0DCA0B18BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F4F2C96-1C95-47CE-9340-9C597A6CF165}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{75A55237-B109-4177-BFC6-5B9CC197B7D1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{789D6B8F-7D8F-43DC-8330-323AF3F8BB35}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{7B9CBF11-317D-435D-9388-F06004182DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{827A1456-8E3E-4E3A-A9DA-8EBAF32589C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8812D139-925C-40D8-BBCF-836DB7AEBCD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9A2C6554-E8EE-4A3D-B39F-19E2B882387D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A67D1D00-BAEF-4177-97DA-C6248C3B02FC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ABBC78A7-F3F4-4004-940D-4B677CE61CF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B076A9BD-2D7E-4CEA-9374-44F9325B53A3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B8EE8660-4BA5-4435-87B7-38B770E96E18}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{C069A8B0-F077-4F69-8F8A-9BD18756F1B2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C3FFE108-3BAF-45C2-B4DF-D8F83EB14E57}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C48E2C0B-6F46-4D9C-8E51-03594784E68E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C80D3D76-8C5A-421A-B53D-C449982A613A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C84A58E8-7B1C-4EF1-B6CD-08960526BD71}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C879576F-99DD-4249-BC32-B24001FDEDE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C9DB697F-CD6D-4992-8E33-7E02F44CF397}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CF4846D9-0114-4A54-B4D0-6D0821E944D3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D5F5ABEC-9E34-4370-97FC-50584C3913F4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{D871E622-8776-43D2-8085-5379AB13AA99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E15C327B-73A6-4A1F-8861-0AAB7505A1AC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ED45D7BB-89F2-4051-BE23-200929472C8B}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{ED59F9AD-2345-45A5-8916-16CD7661E6F5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F153BF56-4245-491A-90F6-5BDF17555313}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{F4E4B758-255D-41C6-BD9E-F3A33BFE9B05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5DD8387-ADF1-4890-AA77-7228A741FB7F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new 
pc studio\npsasvr.exe |
"TCP Query User{08FA051E-01BA-4492-B9C5-AFC2B096B56F}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{0CF94CFD-05FC-49CC-926C-430781AF73C1}C:\program files\resussim prehospital\ph\ph_app.exe" = protocol=6 | dir=in | app=c:\program files\resussim prehospital\ph\ph_app.exe |
"TCP Query User{0D05EC98-CF2C-47F7-8DDB-F3B9F79C7952}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"TCP Query User{0D62A9CE-F7B3-4E21-8687-F22EE0253665}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{449B85FF-01C7-45D3-96A5-9728E3A2BFBC}C:\program files\samsung\samsung new pc studio\npsmediamanager.exe" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsmediamanager.exe |
"TCP Query User{464615D3-3BEF-4A8C-89F0-3D272B8E7ACC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4986D103-5C8B-4772-A14B-DA5DB2D044A7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{512BF70D-9B7B-468F-8492-2DFC2B3DC4DC}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5E27F12E-4BF9-4D3C-9A55-13E4F36A2307}C:\users\basti\desktop\fms32-pro\fms32pro.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\fms32-pro\fms32pro.exe |
"TCP Query User{5F3C85A5-930B-4B2D-BCAC-99FC0FD90A07}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{64166ABF-3AD6-477A-A630-6ED92BD488CA}C:\users\basti\desktop\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\counter-strike 1.6\hl.exe |
"TCP Query User{67F6BFD1-4BF9-46AF-8F72-C8AE027FFFCD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{6CB7B600-0809-4BF5-BE47-FA4CE441D970}C:\program files\heirue-soft\fms32-pro\fms32pro.exe" = protocol=6 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32pro.exe |
"TCP Query User{6D6E2B4D-7FA1-44A6-976A-FC13527B05EF}C:\program files\heirue-soft\fms32-pro\fms32prodemo.exe" = protocol=6 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32prodemo.exe |
"TCP Query User{6D844BD2-64E5-4A4D-A3BC-944AEA6F52F7}E:\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=e:\counter-strike 1.6\hl.exe |
"TCP Query User{6F7E16CB-3E9D-41B4-8A0E-82F5E0E47CF7}C:\users\basti\desktop\poc32\poc32\poc32.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\poc32\poc32\poc32.exe |
"TCP Query User{711ECA2E-72F1-4033-85DD-6E02DBCC2C7A}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"TCP Query User{74290D8F-2F4D-4C04-BCB1-5882F57DDAFC}C:\users\basti\documents\icq lite\220849967\jannik_316715953\fms32-pro\fms32pro.exe" = protocol=6 | dir=in | app=c:\users\basti\documents\icq lite\220849967\jannik_316715953\fms32-pro\fms32pro.exe |
"TCP Query User{76686EA4-DD18-451E-A330-062497873014}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7D23A346-4F32-4E6D-AFDF-CDDCD6400506}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7D50FECC-F100-4645-8EFA-699D65465D5F}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{8F1F250C-EDEC-4221-8160-87D3E243D38F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{94B21DFD-2671-4A0F-99A0-689D0A3A4B2F}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{9A05187B-6508-4D52-8581-A78332E1B0C3}C:\program files\resussim prehospital\ph\ph_app.exe" = protocol=6 | dir=in | app=c:\program files\resussim prehospital\ph\ph_app.exe |
"TCP Query User{B4E0C8E5-2363-4D43-90C3-09E052B2802B}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{BCE48364-382E-41AD-AD0C-9DD9543B0E46}C:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe" = protocol=6 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe |
"TCP Query User{BD2B2073-3E45-404E-9A5B-7D6848E59AB5}C:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe" = protocol=6 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe |
"TCP Query User{C06C580B-7323-44DD-8CA9-255FD9EE2CFB}C:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe |
"TCP Query User{C4E4F222-1ECE-4398-8763-08162343134D}C:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe |
"TCP Query User{C52700DA-4853-40BB-9055-6BD849EB4198}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{C9FF3FDB-1E2C-472B-9AD9-CAF9EFF8DB60}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{D2A0CBEA-A720-4F27-815B-9ACB382B0926}C:\program files\edpnet\server\edpserver.exe" = protocol=6 | dir=in | app=c:\program files\edpnet\server\edpserver.exe |
"TCP Query User{E7E6B9EF-A8BA-4E9F-B30D-87AD3CFB8524}C:\program files\edpnet\server\edpserver.exe" = protocol=6 | dir=in | app=c:\program files\edpnet\server\edpserver.exe |
"UDP Query User{0942FEEE-B894-4E5A-A95D-9404C5546B75}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{096CBA74-B080-4863-8BC9-F2A673AE3077}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{16591034-DD73-46D3-B2F6-25A72A4F08E0}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{1ED280FB-AABA-445F-BF71-5E7AF31A60D4}C:\users\basti\desktop\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\counter-strike 1.6\hl.exe |
"UDP Query User{28ADD923-6C55-4AA1-8C6E-1631112CC9A3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2DA1DF48-2736-433C-AB72-ED4D37C9E537}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{316C7980-DBB3-4864-B915-4BB88316642B}C:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe" = protocol=17 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe |
"UDP Query User{3D5994C9-B4A6-4154-9A24-C124AB355A33}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{3E97FD27-56E4-4EE5-9EDB-A4B50B3AA69B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3EC5CBAD-855E-4CC3-B924-C4EA05FDDE13}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{407C57C9-4012-4CEA-8496-5152B5AFB109}C:\program files\resussim prehospital\ph\ph_app.exe" = protocol=17 | dir=in | app=c:\program files\resussim prehospital\ph\ph_app.exe |
"UDP Query User{41FBF841-BE5E-4FB6-A43D-8E21DCF12766}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{4208635B-B090-4609-8D39-D3760F5C98AF}C:\program files\edpnet\server\edpserver.exe" = protocol=17 | dir=in | app=c:\program files\edpnet\server\edpserver.exe |
"UDP Query User{48BA9413-FEEB-485C-84E3-425AF94251CE}C:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe |
"UDP Query User{5639B10B-C45F-4BFA-8792-F73C441F94D3}C:\users\basti\desktop\poc32\poc32\poc32.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\poc32\poc32\poc32.exe |
"UDP Query User{697BD9AE-F5AA-4AD8-96E6-5097A0A6B539}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{75F2F5ED-95C2-4EEE-8765-F17570F8E609}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{7CB41120-9B48-405A-BC72-95DC5377A517}C:\program files\samsung\samsung new pc studio\npsmediamanager.exe" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsmediamanager.exe |
"UDP Query User{8F023EE2-5754-4943-83F0-355ECE7E224D}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{9B1315AB-C0C8-4DF4-BD99-507CD051E322}C:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe" = protocol=17 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32-pro\fms32pro.exe |
"UDP Query User{A851687E-721B-4AC5-83E3-B785C2E910BB}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B156A691-AE90-4D03-9DF5-4FFD2185C6D5}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{B46BA46C-F65D-46FD-9580-BD0B3B3B88C8}C:\users\basti\desktop\fms32-pro\fms32pro.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\fms32-pro\fms32pro.exe |
"UDP Query User{B4CA8861-C898-4242-8A00-E7365DBDE995}C:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\zeuch\counter-strike 1.6\hl.exe |
"UDP Query User{BF15A7DF-9AED-4050-950E-501E0329BC87}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CC82673B-FD61-4D17-B170-7CFB3BC184F4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D35137C7-EE7D-4E35-83D9-68ACCDF79150}C:\program files\heirue-soft\fms32-pro\fms32prodemo.exe" = protocol=17 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32prodemo.exe |
"UDP Query User{DA55DAC8-6330-413C-AD8E-6120631E17F2}C:\users\basti\documents\icq lite\220849967\jannik_316715953\fms32-pro\fms32pro.exe" = protocol=17 | dir=in | app=c:\users\basti\documents\icq lite\220849967\jannik_316715953\fms32-pro\fms32pro.exe |
"UDP Query User{DB6CE7B2-43A9-4E3B-B270-9F50EE041CD4}C:\program files\heirue-soft\fms32-pro\fms32pro.exe" = protocol=17 | dir=in | app=c:\program files\heirue-soft\fms32-pro\fms32pro.exe |
"UDP Query User{EFDB385D-1A7A-4006-9F22-7E983397F075}C:\program files\resussim prehospital\ph\ph_app.exe" = protocol=17 | dir=in | app=c:\program files\resussim prehospital\ph\ph_app.exe |
"UDP Query User{F1655CBC-5757-43D4-A515-CE2390CFE6A9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F79BE59B-A415-40E0-BB74-CEED0DE5AA73}E:\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=e:\counter-strike 1.6\hl.exe |
"UDP Query User{FE5FF5AA-4302-4B33-9167-F8AB9AAE434A}C:\program files\edpnet\server\edpserver.exe" = protocol=17 | dir=in | app=c:\program files\edpnet\server\edpserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0044F0FA-A821-D55F-2E99-1F670FBBBE87}" = CCC Help Chinese Traditional
"{048DB452-C8B0-4A8D-89AF-84A6B149E1EE}" = Meine Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{173F34FC-0906-B2FB-3E4D-2E6D8D111650}" = Catalyst Control Center Graphics Previews Vista
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.006.00
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{364687E1-D0CC-4B91-B310-6C5ED28C1031}" = Nero 8
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AC1D2AB-6216-CA21-A2A2-73651D6CD8CA}" = Catalyst Control Center Localization Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C973102-D38E-A465-ADF3-DB76D5483F17}" = Skins
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0CF9AD-A0E9-F60B-1A5F-880EC995087B}" = ccc-core-static
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58587D07-A428-1D47-3B79-60C46C57B257}" = Catalyst Control Center Graphics Full Existing
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE24C68-9A68-26C6-5EF4-527BC5509A81}" = ATI Catalyst Install Manager
"{73560FD9-09FB-0047-DCC4-D1EB7CC4B523}" = Catalyst Control Center Graphics Light
"{74D61AFF-7D95-6C0E-C842-220F9771C27D}" = Catalyst Control Center Core Implementation
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7B4C7E0-078F-42D6-90B2-001400795416}" = NWZ-S750 WALKMAN Guide
"{BABBBC81-E703-EEC4-60FE-3E80FCA21F9B}" = CCC Help Japanese
"{BFCBEAB8-6063-1EB9-FE3E-B886323E8A72}" = ccc-utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF45C71B-906E-A45F-DEC7-762F05713E9A}" = Catalyst Control Center Localization Chinese Standard
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0CAD7A7-9733-2EF4-5058-998F8AA7BC0E}" = Catalyst Control Center Localization Japanese
"{D27EBE48-BB20-DAA7-DB86-F623BFB75D63}" = CCC Help Chinese Standard
"{DBC781DF-579D-A01E-C921-4252FDEECD04}" = CCC Help English
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA2A4919-7FCE-B8D4-9C22-D0E7F5AA93B6}" = Catalyst Control Center Graphics Full New
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EDPnet_is1" = EDPnet 3.2.2
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"EzManual" = EzManual
"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Rainlendar2" = Rainlendar2 (remove only)
"RD-Office" = RD-Office
"RealPlayer 6.0" = RealPlayer
"ResusSim Prehospital" = ResusSim Prehospital
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = FMS32-PRO - Demoversion
"Switch" = Switch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Telekom Fotoservice" = Telekom Fotoservice
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.05.2011 21:00:13 | Computer Name = Basti-PC | Source = Perflib | ID = 1010
Description =

Error - 29.05.2011 03:43:08 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.05.2011 03:43:08 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.05.2011 04:50:10 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.05.2011 04:50:10 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.05.2011 04:53:51 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung kv4nblqb.exe, Version 1.0.15.15627, Zeitstempel 0x4dc13e64, fehlerhaftes Modul kv4nblqb.exe, Version 1.0.15.15627, Zeitstempel 0x4dc13e64, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0xdbc, Anwendungsstartzeit 01cc1ddda197cc6f.

Error - 29.05.2011 10:06:32 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.05.2011 10:06:32 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.05.2011 10:19:59 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.05.2011 10:19:59 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 16.05.2011 09:13:50 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.05.2011 09:13:50 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.05.2011 09:13:55 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.05.2011 09:14:12 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.05.2011 09:14:12 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.05.2011 10:17:22 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.05.2011 um 15:41:09 unerwartet heruntergefahren.

Error - 29.05.2011 04:48:43 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.05.2011 um 10:44:04 unerwartet heruntergefahren.

Error - 29.05.2011 10:28:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 29.05.2011 10:36:45 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 29.05.2011 10:42:16 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7030
Description =

< End of report >