Google Links leiten des öfteren falsch weiter
So,
Als erstes die Logfile von Malwarebytes :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4432
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
16.08.2010 20:58:24
mbam-log-2010-08-16 (20-58-24).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 318477
Laufzeit: 6 Stunde(n), 30 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 23
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\registrymonitor2 (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\PRAGMArvcmvfqtnw (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\$Recycle.Bin\S-1-5-21-3353481963-3739831721-2344158522-1005\$RJMMEMH.exe (HackTool.Sniffer.WpePro) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Local\Temp\BF37.tmp (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Local\Temp\tmpaa9f9825\MicrosoftOutlook.2.31.17.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Roaming\Ehyv\leom.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Karakurt\AppData\Roaming\Ukuxu\tuusi.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YW6HHXO\5-direct[1].ex (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Taylan\Desktop\CL\CryptLoad\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Taylan\Desktop\CL\CryptLoad\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Windows\PRAGMArvcmvfqtnw\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\About.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Activate.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus Support.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Buy.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Scan.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Settings.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Update.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\cleansweep.exe\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Local\Temp\PRAGMA5374.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Karakurt.KARAKURT\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Taylan\AppData\Local\Temp\svchost.bat (Backdoor.IRCBot) -> Delete on reboot.
Hier die OTL.Txt:
OTL Logfile: Code:
OTL logfile created on: 16.08.2010 21:08:49 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Taylan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 58,02 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,89 Gb Free Space | 20,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1020,00 Mb Total Space | 1017,69 Mb Free Space | 99,77% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KARAKURT
Current User Name: Taylan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Taylan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Disk_Monitor.exe (Neodio Corp.)
========== Modules (SafeList) ==========
MOD - C:\Users\Taylan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (0179501240493299mcinstcleanup) McAfee Application Installer Cleanup (0179501240493299) -- C:\windows\TEMP\017950~1.EXE File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cmnsusbser) -- C:\windows\System32\DRIVERS\cmnsusbser.sys File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (hcw17bda) -- C:\Windows\System32\drivers\hcw17bda.sys (Hauppauge Computer Works, Inc.)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)
DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.12 18:37:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 17:15:51 | 000,000,000 | ---D | M]
[2010.07.07 15:42:09 | 000,000,000 | ---D | M] -- C:\Users\Taylan\AppData\Roaming\Mozilla\Extensions
[2010.08.15 16:30:51 | 000,000,000 | ---D | M] -- C:\Users\Taylan\AppData\Roaming\Mozilla\Firefox\Profiles\5yp1xnug.default\extensions
[2010.07.15 10:10:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Taylan\AppData\Roaming\Mozilla\Firefox\Profiles\5yp1xnug.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.11 08:15:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Taylan\AppData\Roaming\Mozilla\Firefox\Profiles\5yp1xnug.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.16 02:15:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 17:15:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.01 21:23:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 21:23:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 21:23:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 21:23:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 21:23:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.08.15 17:04:23 | 000,415,885 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14380 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [Disk Monitor] C:\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.25 16:16:58 | 000,000,076 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\Shell - "" = AutoRun
O33 - MountPoints2\{4980d59d-7f05-11df-bb67-0024813f23a3}\Shell\AutoRun\command - "" = H:\AUTOSTARTER.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.08.16 21:06:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Taylan\Desktop\OTL.exe
[2010.08.16 12:39:51 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Desktop\Nokia+
[2010.08.15 17:26:37 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Desktop\Games
[2010.08.15 16:30:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.15 16:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.15 15:20:46 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Roaming\Malwarebytes
[2010.08.15 15:20:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.08.15 15:20:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.08.15 15:20:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.15 15:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.15 15:05:45 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.13 07:02:48 | 000,000,000 | ---D | C] -- C:\windows\System32\MpEngineStore
[2010.08.12 18:48:06 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\windows\System\MSVCRT.DLL
[2010.08.12 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Roaming\Uniblue
[2010.08.12 18:15:09 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010.08.12 18:15:00 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.08.12 18:15:00 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieencode.dll
[2010.08.12 18:14:59 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2010.08.12 18:13:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2010.08.12 18:13:37 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.08.12 18:13:19 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010.08.12 18:13:19 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010.08.12 18:11:38 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010.08.12 18:11:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010.08.12 18:11:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010.08.12 18:11:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010.08.12 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Desktop\CL
[2010.08.04 18:28:32 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.08.04 17:56:32 | 007,758,840 | ---- | C] (hxxp://cryptload.info) -- C:\Users\Taylan\Desktop\CryptLoad.exe
[2010.08.04 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\Risen
[2010.08.04 17:29:48 | 000,000,000 | ---D | C] -- C:\windows\1C4551A64743409391E41477CD655043.TMP
[2010.08.04 17:18:00 | 000,000,000 | ---D | C] -- C:\Programme\Deep Silver
[2010.08.04 16:46:34 | 000,000,000 | ---D | C] -- C:\Programme\KRU
[2010.08.02 12:43:50 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\GUILD WARS
[2010.08.02 12:43:25 | 000,000,000 | ---D | C] -- C:\Programme\GUILD WARS
[2010.08.01 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\Oblivion
[2010.08.01 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\My Games
[2010.07.31 22:40:15 | 000,000,000 | ---D | C] -- C:\windows\System32\AGEIA
[2010.07.31 22:40:14 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies
[2010.07.31 22:38:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.07.31 18:55:54 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Neuer Ordner
[2010.07.31 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Support
[2010.07.31 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\Taylan\images
[2010.07.31 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\Taylan\data
[2010.07.31 15:32:53 | 000,000,000 | ---D | C] -- C:\windows\.mpr_file_store_32
[2010.07.31 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\Pinnacle VideoSpin
[2010.07.31 10:51:41 | 000,000,000 | ---D | C] -- C:\Programme\RADVideo
[2010.07.31 10:05:00 | 000,000,000 | ---D | C] -- C:\Programme\CamStudio
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Yahoo!
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2010.07.31 09:49:35 | 000,000,000 | ---D | C] -- C:\Programme\Pinnacle
[2010.07.31 09:32:50 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\My WeGame Screenshots
[2010.07.31 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\My WeGame Videos
[2010.07.31 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\WeGame
[2010.07.31 09:31:43 | 000,000,000 | ---D | C] -- C:\Programme\WeGame
[2010.07.24 22:33:03 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\gctmp
[2010.07.24 22:32:59 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Local\Xenocode
[2010.07.24 13:03:03 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\Emicsoft Studio
[2010.07.24 13:02:51 | 000,000,000 | ---D | C] -- C:\Programme\Emicsoft Studio
[2010.07.20 20:34:47 | 000,000,000 | ---D | C] -- C:\Users\Taylan\AppData\Roaming\Credential Manager
[2010.07.20 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Documents\Bluetooth-Exchange-Ordner
[2010.07.20 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Bluetooth Software
[2010.07.20 17:04:36 | 000,000,000 | ---D | C] -- C:\Users\Taylan\Shattered Designer
[2010.07.15 20:07:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Taylan\AppData\Roaming\pcouffin.sys
[2009.04.23 15:21:51 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.04.23 15:21:50 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.08.16 21:07:58 | 006,029,312 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat
[2010.08.16 21:07:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Taylan\Desktop\OTL.exe
[2010.08.16 21:04:45 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 21:04:45 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 21:02:55 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.08.16 21:02:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.08.16 21:02:38 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.08.16 21:02:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.08.16 21:02:29 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.16 21:00:57 | 000,007,941 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.08.16 21:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.16 21:00:05 | 000,065,536 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TM.blf
[2010.08.16 20:59:56 | 002,440,149 | -H-- | M] () -- C:\Users\Taylan\AppData\Local\IconCache.db
[2010.08.15 21:05:39 | 000,000,420 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{4574AE5D-2B2E-4700-9F04-1F62AA76121A}.job
[2010.08.15 17:16:46 | 000,524,288 | -HS- | M] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.15 17:04:23 | 000,415,885 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010.08.15 16:48:03 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20100815-170423.backup
[2010.08.15 16:19:32 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
[2010.08.15 16:19:03 | 154,195,948 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010.08.15 15:59:01 | 000,524,288 | -HS- | M] () -- C:\Users\Taylan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 15:59:01 | 000,065,536 | -HS- | M] () -- C:\Users\Taylan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.08.15 15:05:46 | 000,001,874 | ---- | M] () -- C:\Users\Taylan\Desktop\HijackThis.lnk
[2010.08.14 22:45:31 | 000,000,507 | ---- | M] () -- C:\windows\ODBC.INI
[2010.08.13 09:23:49 | 000,371,072 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010.08.13 07:02:49 | 000,000,127 | ---- | M] () -- C:\windows\System32\MRT.INI
[2010.08.04 17:29:51 | 000,281,760 | ---- | M] () -- C:\windows\System32\drivers\atksgt.sys
[2010.08.04 17:29:50 | 000,025,888 | ---- | M] () -- C:\windows\System32\drivers\lirsgt.sys
[2010.08.04 16:16:59 | 001,568,228 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.08.04 16:16:59 | 000,674,582 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.08.04 16:16:59 | 000,634,400 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.08.04 16:16:59 | 000,146,234 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.08.04 16:16:59 | 000,119,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.08.01 16:38:05 | 000,000,524 | ---- | M] () -- C:\Users\Taylan\Desktop\Fraps.lnk
[2010.08.01 16:35:38 | 000,000,023 | ---- | M] () -- C:\windows\BlendSettings.ini
[2010.07.31 22:57:04 | 000,394,041 | ---- | M] () -- C:\AnalysisLog.sr0
[2010.07.31 22:45:50 | 000,005,120 | ---- | M] () -- C:\Users\Taylan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 21:06:47 | 000,098,808 | ---- | M] () -- C:\Users\Taylan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.25 17:27:53 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2010.07.25 10:22:10 | 000,001,044 | ---- | M] () -- C:\Users\Taylan\AppData\Roaming\vso_ts_preview.xml
[2010.07.24 22:40:08 | 000,011,302 | ---- | M] () -- C:\video.pass
[2010.07.22 13:02:34 | 000,000,318 | ---- | M] () -- C:\windows\WPE PRO.INI
[2010.07.20 17:05:56 | 000,000,410 | ---- | M] () -- C:\Users\Taylan\Dokumente - Verknüpfung.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.15 16:19:42 | 000,524,288 | -HS- | C] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000002.regtrans-ms
[2010.08.15 16:19:42 | 000,524,288 | -HS- | C] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 16:19:41 | 000,065,536 | -HS- | C] () -- C:\Users\Taylan\ntuser.dat{03e7aad6-a878-11df-bdb7-0024813f23a3}.TM.blf
[2010.08.15 15:05:46 | 000,001,874 | ---- | C] () -- C:\Users\Taylan\Desktop\HijackThis.lnk
[2010.08.13 07:02:49 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010.08.04 17:29:51 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2010.08.04 17:29:50 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2010.08.01 16:38:05 | 000,000,524 | ---- | C] () -- C:\Users\Taylan\Desktop\Fraps.lnk
[2010.08.01 15:04:29 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2010.07.31 22:56:52 | 000,394,041 | ---- | C] () -- C:\AnalysisLog.sr0
[2010.07.25 17:27:53 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010.07.24 22:36:48 | 000,011,302 | ---- | C] () -- C:\video.pass
[2010.07.22 13:02:25 | 000,000,318 | ---- | C] () -- C:\windows\WPE PRO.INI
[2010.07.20 17:05:56 | 000,000,410 | ---- | C] () -- C:\Users\Taylan\Dokumente - Verknüpfung.lnk
[2010.07.15 20:20:05 | 000,005,120 | ---- | C] () -- C:\Users\Taylan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 20:09:43 | 000,001,044 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\vso_ts_preview.xml
[2010.07.15 20:08:15 | 000,000,034 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\pcouffin.log
[2010.07.15 20:07:00 | 000,087,608 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\inst.exe
[2010.07.15 20:07:00 | 000,007,887 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\pcouffin.cat
[2010.07.15 20:07:00 | 000,001,144 | ---- | C] () -- C:\Users\Taylan\AppData\Roaming\pcouffin.inf
[2010.07.08 16:50:34 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2010.07.07 15:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Taylan\AppData\Local\QSwitch.txt
[2010.07.07 15:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Taylan\AppData\Local\DSwitch.txt
[2010.07.07 15:41:49 | 000,000,000 | ---- | C] () -- C:\Users\Taylan\AppData\Local\AtStart.txt
[2010.05.15 16:59:00 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010.04.26 18:32:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.25 17:26:19 | 001,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
[2010.04.07 17:00:47 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010.02.07 14:11:29 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2009.11.15 20:47:16 | 000,006,259 | ---- | C] () -- C:\windows\HCWPNP.INI
[2009.11.12 15:10:58 | 000,033,807 | ---- | C] () -- C:\windows\Irremote.ini
[2009.11.12 15:10:35 | 000,000,507 | ---- | C] () -- C:\windows\ODBC.INI
[2009.04.23 15:21:50 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.04.23 15:21:50 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.04.23 15:21:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
[1997.09.08 16:10:00 | 000,056,832 | ---- | C] () -- C:\windows\System32\iyvu9_32.dll
< End of report >
--- --- ---
Und als Letztes die Extras.Txt: Code:
OTL Extras logfile created on: 16.08.2010 21:08:49 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Taylan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 58,02 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,89 Gb Free Space | 20,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1020,00 Mb Total Space | 1017,69 Mb Free Space | 99,77% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KARAKURT
Current User Name: Taylan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150F69A0-B77F-482E-9C2B-D5D05D506F60}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{233AEA61-1B33-4322-9143-6F1B108FAD28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{29AD1150-169E-425D-B2E1-484C5D75C0EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{2D921E4E-13AB-4DDC-B125-5F29F2024B7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31701E86-88E3-4CB8-BD20-F1061940815A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35BCEF93-8673-495E-B3D7-C13AD531F859}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{38666E5A-1146-4ADA-8E18-B4A22079D8CE}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E3B8FDE-5EFF-4E26-A73E-5AAB2826CF1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42C10D27-98D7-41C9-8064-1DDFE1B46CA4}" = lport=139 | protocol=6 | dir=in | app=system |
"{524E3BF8-4813-4E07-919E-402BFE495DDE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5296D6C3-7412-47CD-AE6A-0ADBA3BE3834}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62BD10CB-1E11-4F73-B77D-5AA64D722EE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{70078C23-E7F8-4274-BFA7-21E4FF2FFB2C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7188ABCB-0AD4-4832-A7DF-6E1EC4157763}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7650EB08-3C14-4AF7-8A77-A28531C3E99A}" = lport=13139 | protocol=17 | dir=in | name=star wars(r): empire at war(tm): forces of corruption(tm) |
"{7D75258B-C31E-47A3-A990-902570E1C482}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FDB5D59-091A-468B-9E4E-A13FBB9CD719}" = lport=6500 | protocol=17 | dir=in | name=star wars(r): empire at war(tm): forces of corruption(tm) |
"{872E7A46-486F-4FFC-A172-0FAB83D81D8C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91BCC85B-9BE6-4D42-BA87-78A7EDFAAEFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{94DC37C8-719F-42E5-9AD9-0CDA5953A8C6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9723CE3D-CE23-4813-A2EC-CE380A369F70}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D78EA2A-1A81-4B68-81BD-2FA9B044B00C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A4832F31-5626-40A9-9F2B-9A547086F910}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B10EFA8E-AAF0-49A6-8594-D75E75D9B65F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6F5F7C0-4FC4-4C09-8890-97157D0EFF75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C7E46026-4E04-4434-A083-ED55EDE5A206}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF8E7D5A-732D-4399-8919-F610C92304C8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2359A78-6F13-4506-B54C-04EA90492EBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F223F28A-3DB6-4662-831C-0F8A1686E64E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8B58276-D092-4249-AD6D-CAF4BA9DBA34}" = lport=138 | protocol=17 | dir=in | app=system |
"{FDB4D7F7-7E88-4107-93E4-D6EC5C931548}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026AA5F3-5157-4949-B3F2-7F99593FD913}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E41888D-E29C-4D86-B01A-CFF59DE5769F}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{13B21AAD-7356-4D20-8619-B31560E16A66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1528E5CD-E3B1-4749-85C4-F618739A92B3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1C3A2D71-1B79-45E1-9493-7BB37D86C34F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{21528B62-23A6-4310-ACE8-7882E8E52AE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2468D2C4-60F9-4E3F-A1E9-C8F4A978DAAA}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{2E10C0F6-7025-4999-9FFB-CBF44E469679}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2FCF8C53-C7BD-47B5-9159-DDF43968B3D7}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{344F0119-7FD2-479C-8A5F-343E1CB6F872}" = protocol=6 | dir=out | app=system |
"{3EE346A2-F005-44E1-8C04-9B5216E90C88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4657EF35-6C48-4E8D-8E93-05C51A10CB4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{47947B17-F7AF-4BEF-AB38-7C1549063A8A}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{4874A6CB-53B5-4F00-9C89-627FDB173073}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{49C57AC0-96A4-4296-B658-A757ECD94C92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D2FF80B-BACA-4432-86E4-9AB1FC551084}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4EB8E202-18CE-47F2-B915-2AD933A61C56}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{52007A3C-62FC-4504-9178-FCE21740456F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{69046B04-CE89-4438-A5F1-2BE0AEABE190}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8171F608-8D22-4BEC-8884-007B9281D15C}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{83E21F68-0BC3-496E-89BC-3A85E78E7946}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87BF3BDA-7512-44A7-A899-29610A1F77AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D3C41AF-B8D0-4186-81AE-845C942C9497}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{A0E5FFE2-F0A7-4B22-9C2F-6AC5B96CA997}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A338F4E0-7AA1-4432-8B19-5DD4C7BE6A07}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B81B5E59-E1DC-47E9-9EAC-0FC20272BBE6}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B8D2AB85-E523-444E-8F3A-B4C030D07A01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA3D5710-460A-4AC5-A7FC-2E00502ED664}" = dir=in | name=usenet.nl |
"{BDA7B49C-51B9-4E32-B307-AE626D10D098}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{C3DE85AB-896B-4F38-9AD0-3DACD99B4AA1}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C8947545-6623-4EB5-A47C-AD5BF1C1D3D6}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{CA3A4834-1181-4337-98D4-DFA74977CF21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB51A3B9-5AD8-497D-8503-5D0ACC4AC9BB}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{D09F098C-E62F-48B1-A497-71F54C70047C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3877550-89FD-4915-BF6C-16739696BE66}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{D6E3E2D9-E692-432B-A274-F75FE6E0D2A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBBC25CE-CD99-43BC-9EAD-75921B8FD183}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0402D9B-78BB-4FEF-A0B2-92DD0A1CF207}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{E0896757-EA1C-46D6-9821-FFA6A9366CE8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E7091CF0-6BCA-4C61-85BD-F85DF814CCA9}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{F5A08C2E-791D-444F-92ED-910189A725ED}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{FD5403C4-94FF-4D06-8D58-93BAB7B75277}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{021CCDEE-B623-4DF2-B6FF-FEE69DD5FA3B}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{05D4495F-7ED0-4EC5-A074-E64A084BB33A}C:\users\gerd\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gerd\program files\dna\btdna.exe |
"TCP Query User{0BEC262B-A9D9-4C20-9983-BE461C212C12}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{1994CCFD-E349-4B58-984E-9749A0C067EC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{4926E495-E2C0-484D-B3A0-96EB76231661}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4BCBD5DC-5ED9-4C72-B23A-E67E0C820D86}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{588D7A28-8BF4-430F-82E8-E3F7E6624D3E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{59E6AD62-ED30-47E0-B65D-60E3A3298CC3}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{8B2A2E11-2D53-41B3-85A4-7F22306648D2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{AED70859-8B37-4D14-95C8-10F189AED0E7}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{B026E2ED-2592-40F0-B5F2-0E81592DFFB0}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{BE804FE9-10D7-4616-BC30-B5C96DCB2573}C:\users\gerd\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\gerd\stronghold crusader\stronghold crusader.exe |
"TCP Query User{C113B1CF-D52B-4348-B5F4-97B672BC155B}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"TCP Query User{C654BADA-A922-415D-9938-60EDEA9F5C24}C:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |
"TCP Query User{DAEBAD26-D299-4B5C-8F84-BE7E44A37566}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{F0924693-2930-4F09-8772-D36DA4F2ADA9}C:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=6 | dir=in | app=c:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe |
"TCP Query User{F9777F6D-9516-4FDC-9603-8761FC8A1666}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{117618B1-D0EB-4B91-BCFD-6CE0E8599C33}C:\users\gerd\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\gerd\stronghold crusader\stronghold crusader.exe |
"UDP Query User{227B38E7-F2BC-437D-A40E-3DFC851EDE7B}C:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\gerd\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |
"UDP Query User{2CF863D3-FF75-42D1-9A9B-00C4336F9C21}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{5F14F98E-FD95-46D5-83FA-548C117A741F}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{6D069016-C631-40D3-8994-DD7557AA7949}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{6E12E047-629B-4249-B659-49AB41965F7C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{92E14568-4537-4C6D-B2A2-4A6CE611432C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9FEF5AF7-0AE6-4DC5-BBE5-BDFF0C931279}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AFC16387-9A20-4899-A329-E28083F08838}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{B610630B-AB2D-45CE-BF70-AFED9507F8C4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CB88B3B1-87B7-4EE3-8606-3486CC99D86B}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{CF25FB2E-1957-40C6-B6B5-29647A4ACAA5}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{E07A4C29-0C21-4E46-BEFD-64502F804705}C:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=17 | dir=in | app=c:\users\gerd\downloads\fogdownloader-rom_2_1_6_2049.exe |
"UDP Query User{EDB242C7-1092-4807-9479-32F84EEF1980}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"UDP Query User{F864CD32-918C-4DC6-A7D6-3E5A4D099A60}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{FAF9A7D1-3B06-473D-BA20-C1ECF220D886}C:\users\gerd\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gerd\program files\dna\btdna.exe |
"UDP Query User{FE6A1B47-8813-46A0-8EEB-F4690839C75B}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish
"{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese
"{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai
"{1C52C859-8E8E-4E69-9608-C923644AC1E0}" = LG PC Suite III
"{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch
"{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}" = Blasc3
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193d
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish
"{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
"{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian
"{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean
"{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1" = Battlefront Extreme 2.2
"{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean
"{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish
"{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish
"{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish
"{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
"{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek
"{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
"{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins
"{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish
"{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English
"{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Azureus" = Azureus
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DivX Setup.divx.com" = DivX-Setup
"Emicsoft Video Converter_is1" = Emicsoft Video Converter
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Game Cam" = Game Cam 2.54.0.47
"GameSpy Arcade" = GameSpy Arcade
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"IC Card Reader Driver" = IC Card Reader Driver v1.9e2
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PDF Complete" = PDF Complete
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"ScreenshotCaptor_is1" = Screenshot Captor 2.77.01
"Shattered Galaxy" = Shattered Galaxy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VLC media player 1.1.0
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
--- --- ---
Was soll ich jetzt tun? |
