Hello cosinus,
thank you very much for your reply.
I already ran the Malwarebytes scan once yesterday (see the first log); the second log file is attached as well. The OTL and Extras logs are at the end:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4166
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
03.06.2010 14:28:27
mbam-log-2010-06-03 (14-28-27).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 122851
Laufzeit: 7 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4166
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
04.06.2010 15:01:22
mbam-log-2010-06-04 (15-01-22).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 296850
Laufzeit: 1 Stunde(n), 31 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Torrents\Photoshop CS4 (Keygen and tutorial)\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Felix\Desktop\ajo\Adobe CS4 Master Collection Keygen.rar Folder\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Code:
OTL logfile created on: 04.06.2010 15:05:22 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Felix\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 18,30 Gb Free Space | 27,17% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 24,49 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive E: | 32,70 Gb Total Space | 9,50 Gb Free Space | 29,06% Space Free | Partition Type: NTFS
Drive F: | 279,46 Gb Total Space | 4,50 Gb Free Space | 1,61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FELIX-PC
Current User Name: Felix
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Felix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Miranda IM\miranda32.exe ( )
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
========== Modules (SafeList) ==========
MOD - C:\Users\Felix\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (CLTNetCnService) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
========== Driver Services (SafeList) ==========
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.08.14 16:44:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.21 14:10:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 21:45:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 11:41:44 | 000,000,000 | ---D | M]
[2008.06.24 20:43:00 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2010.06.04 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions
[2009.09.05 12:41:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.08.13 19:38:53 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010.01.23 23:34:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.21 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\firegestures@xuldev.org
[2010.04.10 14:21:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.15 12:44:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.15 12:44:44 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.15 12:44:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.15 12:44:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.15 12:44:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0dc041a0-5a38-11de-bf61-001060d010e9}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe -- File not found
O33 - MountPoints2\{0dc041a0-5a38-11de-bf61-001060d010e9}\Shell\open\command - "" = J:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe -- File not found
O33 - MountPoints2\{b627ca8c-2fdc-11de-bcaa-001060d010e9}\Shell\AutoRun\command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{b627ca8c-2fdc-11de-bcaa-001060d010e9}\Shell\Explore\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{b627ca8c-2fdc-11de-bcaa-001060d010e9}\Shell\Open\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = RECYCLER\launch.exe
O33 - MountPoints2\F\Shell\open\command - "" = RECYCLER\launch.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = RECYCLER\launch.exe
O33 - MountPoints2\I\Shell\open\command - "" = RECYCLER\launch.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.04 15:04:30 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2010.06.03 15:36:19 | 000,000,000 | ---D | C] -- C:\SDFix
[2010.06.03 15:31:28 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.03 14:35:08 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\Autoruns
[2010.06.03 14:19:11 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes
[2010.06.03 14:19:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.03 14:19:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.03 14:19:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 14:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.22 18:34:28 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[2010.05.15 15:46:22 | 000,000,000 | ---D | C] -- C:\Programme\JRE
[2010.05.13 12:05:38 | 000,000,000 | ---D | C] -- C:\c2950d10e50d243e1ce7b9
[2010.05.12 23:18:23 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\PunkBuster
[2010.05.12 23:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[1 C:\Users\Felix\Desktop\*.tmp files -> C:\Users\Felix\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.04 15:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.04 15:05:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.04 15:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1FA59953-7E30-4B98-8E98-1D9955FF7B30}.job
[2010.06.04 15:04:54 | 002,621,440 | -HS- | M] () -- C:\Users\Felix\NTUSER.DAT
[2010.06.04 15:01:49 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\assivlu.sys
[2010.06.04 14:36:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115076939-1105052490-2296333666-1000UA.job
[2010.06.04 14:25:37 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 14:25:37 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 13:43:43 | 000,139,336 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.06.04 13:43:29 | 000,214,720 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.06.04 13:31:25 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.04 13:31:25 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.04 13:31:25 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.04 13:31:25 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.04 13:31:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.04 13:27:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2010.06.04 12:25:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.04 12:25:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.04 01:53:46 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.04 01:53:41 | 002,049,257 | -H-- | M] () -- C:\Users\Felix\AppData\Local\IconCache.db
[2010.06.03 15:38:41 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115076939-1105052490-2296333666-1000Core.job
[2010.06.03 15:36:13 | 001,529,241 | ---- | M] () -- C:\Users\Felix\Desktop\SDFix.exe
[2010.06.03 15:29:25 | 000,824,681 | ---- | M] () -- C:\Users\Felix\Desktop\RSIT.exe
[2010.06.03 15:06:22 | 000,002,888 | ---- | M] () -- C:\Users\Felix\Documents\cc_20100603_150603.reg
[2010.06.03 15:05:52 | 000,029,842 | ---- | M] () -- C:\Users\Felix\Documents\cc_20100603_150542.reg
[2010.06.03 14:19:06 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 14:11:41 | 000,001,880 | ---- | M] () -- C:\Users\Felix\Desktop\HijackThis.lnk
[2010.06.02 18:50:09 | 000,000,000 | ---- | M] () -- C:\Users\Felix\AppData\Local\prvlcl.dat
[2010.06.02 12:12:04 | 060,620,360 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.05.24 21:28:24 | 000,000,600 | ---- | M] () -- C:\Users\Felix\PUTTY.RND
[2010.05.22 18:35:06 | 000,017,408 | ---- | M] () -- C:\Users\Felix\AppData\Local\WebpageIcons.db
[2010.05.16 00:01:15 | 000,077,376 | ---- | M] () -- C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.15 23:58:55 | 002,436,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.12 23:10:00 | 002,373,712 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[1 C:\Users\Felix\Desktop\*.tmp files -> C:\Users\Felix\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.04 15:01:49 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\assivlu.sys
[2010.06.03 15:36:12 | 001,529,241 | ---- | C] () -- C:\Users\Felix\Desktop\SDFix.exe
[2010.06.03 15:29:23 | 000,824,681 | ---- | C] () -- C:\Users\Felix\Desktop\RSIT.exe
[2010.06.03 15:06:08 | 000,002,888 | ---- | C] () -- C:\Users\Felix\Documents\cc_20100603_150603.reg
[2010.06.03 15:05:44 | 000,029,842 | ---- | C] () -- C:\Users\Felix\Documents\cc_20100603_150542.reg
[2010.06.03 14:19:06 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 14:11:41 | 000,001,880 | ---- | C] () -- C:\Users\Felix\Desktop\HijackThis.lnk
[2010.05.22 18:34:33 | 000,017,408 | ---- | C] () -- C:\Users\Felix\AppData\Local\WebpageIcons.db
[2010.05.12 23:18:36 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.12 23:18:27 | 000,214,720 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.05.12 23:10:06 | 000,214,720 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.05.12 23:10:00 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.05.12 23:10:00 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.11.07 17:08:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.06.29 10:22:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.29 10:22:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.31 22:39:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.26 22:57:07 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009.02.26 22:55:45 | 000,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2009.02.26 22:55:45 | 000,000,062 | ---- | C] () -- C:\Windows\powerlist.ini
[2009.02.26 22:55:31 | 000,001,365 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.02.26 22:55:31 | 000,000,558 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009.02.25 23:34:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.02.12 19:05:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.30 17:12:37 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.10.11 21:14:15 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.08.14 16:54:43 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.08.14 16:42:34 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.08.02 23:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
< End of report >
Code:
OTL Extras logfile created on: 04.06.2010 15:05:22 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Felix\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 18,30 Gb Free Space | 27,17% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 24,49 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive E: | 32,70 Gb Total Space | 9,50 Gb Free Space | 29,06% Space Free | Partition Type: NTFS
Drive F: | 279,46 Gb Total Space | 4,50 Gb Free Space | 1,61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FELIX-PC
Current User Name: Felix
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"c:\asflkldnm9hdg3sdfffnaf.exe" = c:\asflkldnm9hdg3sdfffnaf.exe:*:Enabled:Windows UDP Control Center -- File not found
"c:\asflknaf.exe" = c:\asflknaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\asfldf43pijknaf.exe" = c:\asfldf43pijknaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf43pijknaf.exe" = c:\a35ldf43pijknaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf4343knaf.exe" = c:\a35ldf4343knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ld9343knaf.exe" = c:\a35ld9343knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf93knaf.exe" = c:\a35ldf93knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf493knaf.exe" = c:\a35ldf493knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf493k9af.exe" = c:\a35ldf493k9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3k9af.exe" = c:\a35ldf49k3k9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3fk9af.exe" = c:\a35ldf49k3fk9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3fhk9af.exe" = c:\a35ldf49k3fhk9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3ifhk9af.exe" = c:\a35ldf49k3ifhk9af.exe:*:Enabled:Windows Messenger -- File not found
"C:\Users\Felix\AppData\Local\Temp\eraseme_85454.exe" = C:\Users\Felix\AppData\Local\Temp\eraseme_85454.exe:*:Enabled:Windows UDP Control Center -- File not found
"C:\Users\Felix\AppData\Local\Temp\eraseme_67384.exe" = C:\Users\Felix\AppData\Local\Temp\eraseme_67384.exe:*:Enabled:Windows UDP Control Center -- File not found
"C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe" = C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe:*:Enabled:PPStream Installer -- (PPStream Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14FD022A-2351-43AE-9B0B-F653E55A06D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{35E3A108-DE26-4A6B-A03F-EEE27492EC66}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{37C092AF-1ED3-490A-AD02-40E9FB4A53AB}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{3823C52B-B224-47C3-8EE2-D38CA124BC61}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{39BB8FDC-828F-4DC9-9D86-51F45563E777}" = lport=445 | protocol=6 | dir=in | app=system |
"{3FEEF757-583D-486F-AFE2-B9BAF98872C8}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{55A7BD94-7168-495A-8FAC-BD3BEEC634A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{822BD0DA-0A33-4F56-A161-D42DE7661143}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{96BF99A9-BDD5-4194-8EB7-255315D3CF8D}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{A85A840C-E737-422B-993E-AAFD4D55A839}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{AACE9668-B0BF-4865-A12A-EF37F183C704}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{B14D1781-F466-40C9-894D-9C99F7191EAE}" = rport=139 | protocol=6 | dir=out | app=system |
"{B595FF32-523A-4A22-BDD5-A39FE908FA4E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B62023B7-376B-4E4D-A29C-6B1119901F41}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{C68BCBBE-E587-4A14-B4AE-B4986B081D53}" = rport=138 | protocol=17 | dir=out | app=system |
"{CAFD5111-FADE-46BE-8F56-246865E7729D}" = lport=138 | protocol=17 | dir=in | app=system |
"{CCEB4AB7-A042-4856-8F26-3ACA390BB50F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D5E68FC9-1EDD-48F0-A972-68FE08D87B2D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{EC5C24D0-910E-4CA5-A786-5AF80B2D7D35}" = lport=139 | protocol=6 | dir=in | app=system |
"{F420C1C8-1046-47D8-9DAE-4D9C6CB2FF68}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{F727905B-929E-4459-A2FE-D408F3D2EBF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B4C608-EC8E-4FE1-88F3-A8428E52ABC5}" = protocol=6 | dir=in | app=e:\programme\league of legends\game\league of legends.exe |
"{0AA1A9C8-42DB-4301-9D98-BACD996F0EEF}" = protocol=17 | dir=in | app=e:\programme\league of legends\air\lolclient.exe |
"{0AEC979D-E7B7-4FE0-91B1-D90AA77B5EAB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{105A8E81-1021-4252-9862-A9B2E60323E1}" = protocol=6 | dir=in | app=e:\programme\league of legends\air\lolclient.exe |
"{1D3807EB-AB50-4A74-886D-10C5B025C052}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{20BCBEF2-2F5C-4986-A434-682D15E5C998}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{2668B3DB-01FC-40EC-BF60-1FC08619C676}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{291D56F2-47FD-4A70-A6FC-745E08DE4017}" = protocol=6 | dir=in | app=e:\programme\league of legends\air\lolclient.exe |
"{3714BBDF-0B8F-44C3-BD5B-2A7CDDFD7AD6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3FCB044C-12BF-46D0-AA55-94B43181C29E}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4BD7E12E-3F86-4A7C-8816-58775E350AE8}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{565877E7-EB4F-4B34-961F-C83363A58BFB}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{68889327-F9BF-4DA2-A23A-AF79A921FC9B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{69775C51-2C5B-4C51-A7BA-347781868CBE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{73A0262F-15D9-49FA-ABFB-D1637FCB0279}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76433CC0-A53D-44D0-A29B-2926CDF845A8}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{76DD62AB-7271-414C-AC17-AC06F848E762}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7B8A46EF-71C1-45B1-BC2C-251F6A06A0DF}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{82A5B35D-8879-4F44-ACA1-6DB0FAF71673}" = protocol=6 | dir=in | app=e:\programme\league of legends\lol.launcher.exe |
"{84919FDF-01AF-4533-A0D6-9898A588B05D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{84C903AF-FA9A-43F4-9626-18A8E2D1A33B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8EA5343A-5D92-41DC-BE94-1BD0FA18DA35}" = protocol=17 | dir=in | app=e:\programme\league of legends\game\league of legends.exe |
"{9B9D5522-E455-48CC-906D-00794BB9A78E}" = protocol=6 | dir=in | app=e:\programme\league of legends\game\league of legends.exe |
"{9C8A2E11-1D7D-4094-8126-05278E3227AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A624BFE7-E580-457E-BE64-617AA1886E1D}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{A9A5B63B-5EF7-49C0-93A4-CD13A2502284}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{B0B8C3AB-37EB-43FC-AD14-EFBC0913D2A5}" = protocol=17 | dir=in | app=e:\programme\league of legends\air\lolclient.exe |
"{B43B6059-C715-48FE-8E07-5C0425AB7688}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{D4B73129-57BB-4CE0-AAE7-3F052D4210EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D572AB4D-24B2-4895-A94D-DF17D04DA9D4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{DCBBBD6F-8203-4C83-AC7F-A633C027C262}" = protocol=17 | dir=in | app=e:\programme\league of legends\lol.launcher.exe |
"{ECBD72CF-5362-4A16-992E-84F612542123}" = protocol=17 | dir=in | app=e:\programme\league of legends\game\league of legends.exe |
"{F09E1619-D938-4D47-B860-BFD6A8E371F2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{FDE513AE-5B7E-47A7-BD8A-D488D0E05C5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{05006FB7-09FC-4A96-B01F-68F110EE3EEA}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{0C01547D-2CCB-4173-B0C6-656C5D2038D8}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{14D79DA0-B7D2-43CC-BAB3-6F6D52713148}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{1D7FCBCB-B72E-47B7-850E-7BF98D2ABBE7}C:\users\felix\downloads\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\felix\downloads\loleudownloader.exe |
"TCP Query User{24FEC84B-49E8-49B4-8AFE-C8C8D96414C5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{26010DD5-1599-466A-83C9-DB4854C8CAA8}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{3D9D5580-C173-4965-88CD-E2EFE23BC864}C:\users\felix\desktop\pickup.listchecker.exe" = protocol=6 | dir=in | app=c:\users\felix\desktop\pickup.listchecker.exe |
"TCP Query User{5CFA77BE-A61D-4043-9B5C-D7749E348BA4}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{6452DB22-F258-44CB-8910-67DDD7E64370}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{722C2C91-1F82-4A6B-8F4F-E578E0296955}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{855C0212-14E5-4D97-ACB3-6134C841799B}E:\programme\anno1701\anno1701.exe" = protocol=6 | dir=in | app=e:\programme\anno1701\anno1701.exe |
"TCP Query User{952E3CF5-78F2-4967-B65C-F5FA69C1456F}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{9D5016CE-0E7D-4269-A5DF-CFF7988382AF}E:\programme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"TCP Query User{A1D41552-799D-4DEC-9CDB-1B778EAA6A4E}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{A271C991-21C2-4B61-AB67-652CDEE01C32}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{A3537D6E-B634-40F9-B10B-C83CBC3ED281}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{B07AAE01-4A11-409C-ADA7-1B25CB1C1509}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{BBB4B2B4-490F-4615-B7FD-61B2AB7E1926}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{BC2377B5-46C1-4BB1-87AA-95F42B3E98DD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{BF1E9B89-E013-4685-91B7-F6450FB748BC}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{C7D9334A-D439-4C9D-B3BC-9DA0B59C7D09}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{CC5C90E7-1231-4E4D-974D-3948C5EEDBC5}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{D0BD2B4D-7DF2-4438-A806-4E1263FD9054}E:\programme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"TCP Query User{D1F5A237-D55E-4FA9-8794-2CEB57B92ADF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F15CD3BB-D1FC-439F-9720-7CB3D9D79E7E}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{12300AD9-3879-49E3-A7BB-F3CE40C58419}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{14180D95-8A5E-4BA5-9579-BB839D1317D4}C:\users\felix\desktop\pickup.listchecker.exe" = protocol=17 | dir=in | app=c:\users\felix\desktop\pickup.listchecker.exe |
"UDP Query User{180F0B14-D0FF-4972-9E0A-58C50E83131D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{19BB9A33-2D09-4EC8-87F4-CE9F790A1A17}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{1C259867-F8AD-45BE-A3F9-D8119265DDA6}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{224072EC-5ECB-4BEC-B259-E3D0297F5D80}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{29959CE2-645C-4D83-B8A5-8381F404DFAB}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{3CC8C42E-8358-45EB-88B8-5B168816F755}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{49557CF5-7FAD-4C35-9642-E52B27F6EEC7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{55476C47-AD6A-4DD8-BEE1-133D569B0E1B}E:\programme\anno1701\anno1701.exe" = protocol=17 | dir=in | app=e:\programme\anno1701\anno1701.exe |
"UDP Query User{57D68092-A96B-43F0-B2FC-466DFC8E0796}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{630E3277-830A-4A74-BD9E-7DC0C865578C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{6949D924-2EFA-44C9-B7AF-F4A63C7BB1BF}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{717F0E4A-0E46-41B0-9E4F-8A49E20E10DB}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{80772E7B-6678-4538-AD8E-A0F159D958A0}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{87A60456-13A9-4651-943E-A69CA9A318A2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{97550BBE-0E34-4A93-A9F2-9A5CD7B52178}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{AE7A3B4E-4E30-4730-A999-D0675B2E307E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{BA5A2F76-4528-4A0E-940C-34682592FF0F}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{BC4B62A9-60CF-4EDA-A88D-1B27DB777BCB}C:\users\felix\downloads\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\felix\downloads\loleudownloader.exe |
"UDP Query User{BF4D6D41-94AA-4894-A547-531E34C0F6AA}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{C4902257-F83D-4D1F-A8E8-24C33CAC0FA8}E:\programme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"UDP Query User{DF834114-4F66-4C8F-9AC5-7B088A0F7E89}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{E19A1A0F-C3BE-4100-80F9-AE5497397AEA}E:\programme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"UDP Query User{FA080297-8D25-4530-A8B7-C8C8779D668D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02FF6822-32F3-ABDC-AB28-BADD33B179E3}" = Catalyst Control Center Localization Spanish
"{03137E91-D58D-58D1-436E-36344646B3ED}" = Catalyst Control Center Localization French
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9BE735-8E58-579D-38D4-21AAD1078CB3}" = Catalyst Control Center Localization Italian
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2865A8C7-1B0D-51E9-3BD2-266D3DD93352}" = CCC Help English
"{2F69743D-7DAE-4531-A620-F00CF4AE9D99}" = CCC Help Italian
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{321A415E-BEAE-3EFE-2264-27E438B33706}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35D3072F-0774-8F06-6206-36AFC7204C72}" = Catalyst Control Center Localization Japanese
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37EAF661-98E1-5582-2AEF-BF6C81BCC4BC}" = Catalyst Control Center Localization Korean
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ADEA896-0F0A-BFE8-6C65-5D02505F43CA}" = CCC Help Swedish
"{3B23A70B-B838-1C3E-F911-624EBB63BB39}" = Catalyst Control Center Localization German
"{3B2BCE7B-C9BE-8BCD-1107-72A99059266F}" = CCC Help Chinese Traditional
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{409A5CF6-961C-A49A-32F1-D1542BE07650}" = Catalyst Control Center Localization Swedish
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C47DA93-303F-4165-918B-BCBAD9099DB8}" = Russisch für Deutsche - empfohlen
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}" = Opera 9.27
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61B73ACB-FBE9-EA0D-831D-38B3907B6056}" = CCC Help Dutch
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66014086-AC67-A425-ABDE-1652B322E977}" = CCC Help Korean
"{66707D40-272D-7C9A-CA53-983515730096}" = Catalyst Control Center Localization Chinese Traditional
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B5D479C-92D4-B303-4C31-50CC1460A9F2}" = CCC Help Japanese
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{8073DF82-5740-187C-7453-64D2689FD0AD}" = CCC Help Spanish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9C02D4CB-2373-9A0B-E3C5-2613A1B4A7FF}" = Catalyst Control Center Graphics Previews Vista
"{A0B987C7-1AA7-6A59-F7BB-5026406A7866}" = Catalyst Control Center Localization Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA3DDA7B-A960-51C2-69C5-86F3AFB3E074}" = Catalyst Control Center InstallProxy
"{AB1F2BA8-F45A-9AC3-ACC2-5890D7C8A24F}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2A4B681-FAE7-9942-09D0-44BAB8147AB5}" = CCC Help Portuguese
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C4601137-FDD1-4579-BE2D-1FBF093FB906}" = ccc-Branding
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC670BBB-364E-A336-10D1-97034B1529D7}" = CCC Help Chinese Standard
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6CD7A9-7528-0934-CE5A-0B165764E367}" = Catalyst Control Center Localization Portuguese
"{CEE5F860-7FAB-80D0-E7CF-022C18B95E25}" = ATI Catalyst Install Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E824B078-B8DD-29F1-04DF-65C5D2468B44}" = CCC Help German
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"841F246A60607D129BAE7F771CB55E7B3EF8BCF8" = Windows Driver Package - Intel (NETw2v32) net (11/01/2006 9.1.0.111)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"AVG9Uninstall" = AVG Free 9.0
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"foobar2000" = foobar2000 v0.9.4.5
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"LastFM_is1" = Last.fm 1.5.4.24567
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.24
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MusicBrainz Picard" = MusicBrainz Picard 0.7.2
"PPLive" = PPLive 2.0
"PPS_is1" = PPS
"PPStream" = PPStream V2.6.86.8898 Final
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TVAnts 1.0" = TVAnts 1.0
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLems_is1" = WinLems 1.24
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.03.2009 19:13:29 | Computer Name = Felix-PC | Source = EventSystem | ID = 4621
Description =
Error - 19.03.2009 07:34:50 | Computer Name = Felix-PC | Source = WerSvc | ID = 5007
Description =
Error - 19.03.2009 23:18:59 | Computer Name = Felix-PC | Source = EventSystem | ID = 4621
Description =
Error - 20.03.2009 12:16:10 | Computer Name = Felix-PC | Source = WerSvc | ID = 5007
Description =
Error - 20.03.2009 16:14:37 | Computer Name = Felix-PC | Source = Perflib | ID = 1008
Description =
Error - 20.03.2009 16:14:37 | Computer Name = Felix-PC | Source = Perflib | ID = 1010
Description =
Error - 20.03.2009 16:14:37 | Computer Name = Felix-PC | Source = Perflib | ID = 1008
Description =
Error - 20.03.2009 16:14:43 | Computer Name = Felix-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
einem nicht unterstützten Abfragetyp aufgerufen.
Error - 20.03.2009 16:16:49 | Computer Name = Felix-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
einem nicht unterstützten Abfragetyp aufgerufen.
Error - 20.03.2009 16:22:47 | Computer Name = Felix-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
einem nicht unterstützten Abfragetyp aufgerufen.
[ System Events ]
Error - 03.06.2010 09:41:30 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2010 09:55:34 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2010 09:55:34 | Computer Name = Felix-PC | Source = LSM | ID = 1048
Description =
Error - 03.06.2010 09:55:53 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2010 09:56:00 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2010 09:56:03 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2010 09:56:03 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2010 09:56:03 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2010 13:17:50 | Computer Name = Felix-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 03.06.2010 17:54:15 | Computer Name = Felix-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
< End of report >