Probably caught Windows Restore

08.04.2011, 16:04
Member

Posts: 47
#1 Hello dear forum community!
I need your help once again ;)

A few minutes ago I was on an admittedly somewhat dubious site, which I visit fairly often, when suddenly my AntiVir raised an alarm:
3x "JAVA/Exdoer.BC.1 [virus]" and 2x "TR/Crypt.EPACK.Gen2 [trojan]", and all of them were found in Internet Explorer's TEMP folder.
I immediately deleted everything with AntiVir and then right away cleared all Internet traces as well.

But then the following warning appeared:
"Hard Drive Failure.
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system."

I have read that this is typical of Windows Restore, a rogue malware.
I have now stopped the processes with rkill.com, and the error message has disappeared as a result.

I will now run Malwarebytes over it once more.
What else can I do, and how about this: I would actually like to quickly back up my latest data now; can I do that safely, or is it better not to, because the virus might get carried along?

Many thanks in advance!
Regards
CVN
09.04.2011, 13:14
Member

Thread starter

Posts: 47
#2 So, I have now run Antivir and Malwarebytes in Safe Mode and nothing was found.
Basically everything on the PC is back to normal, except that when I wanted to install a program, the following message appeared:

Quote

The installer you are trying to use is corrupted or incomplete.
This could be the result of a damaged disk, a failed download or a virus.

You may want to contact the author of this installer to obtain a new copy.

It may be possible to skip this check using the /NCRC command line switch
(NOT RECOMMENDED).
Could that still be related to the trojan, or is it a different problem?

Regards,
CVN
09.04.2011, 16:29
Moderator

Posts: 5694
#3 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires attention to the following points:

• Follow the instructions of the respective helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall programs that are not expressly requested.
• Please work through each step in order.
• If problems occur at a step, post what you already have and report back with a description of the problem.


• The cleanup is only finished when the respective helper gives the OK.
• The machine running smoothly again does not mean that the system is clean.
• For computers used for business, the responsible IT person should be involved.
• Support on our part may be refused for a company computer.
• In the case of illegal software, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling from scratch.
• In the last instance it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we instruct you to use with a right-click and "Run as administrator".

Step 1: Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
• Please start OTL.exe.
Vista and Win7 users: right-click, "Run as administrator"
• Now paste the following contents into the text box.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the contents of OTL.txt and Extra.txt here into your thread

Step 2

Rootkit search with Gmer

What are rootkits?

Important: For every rootkit scan:

• all other programs against viruses, spyware, etc. must be disabled,
• there must be no connection to a network/Internet (don't forget WLAN),
nothing should be done on the computer,
the computer must be restarted after each scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(click the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs should be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• Gmer automatically starts an initial scan.
• If a window with the following warning opens:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the results so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.

• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
"Ok" closes Gmer.
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch the antivirus program and other scanners back on before you go online!

Now post the logfile in code tags.
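The custom scan above produces a log in OTL's own line format (PRC/SRV/DRV entries with a publisher name in parentheses, O2 BHOs, O4 Run keys, O33 MountPoints2 autoruns), and a helper reads it by looking for a handful of patterns first: binaries with no publisher name, autostart entries whose target file no longer exists, orphaned BHO registrations and cached AutoRun commands. The following triage script is an added example for this thread, not code from the original page and not part of OldTimer's OTL; its rules and severities are this example's own heuristics (an assumption), and the sample lines are copied from the log the thread starter posts below.

```python
"""Triage helper for OTL custom-scan output.

Added example for this thread; it is not code from the original page and
not part of OldTimer's OTL. It reads the line formats OTL emits (PRC/SRV/
DRV/MOD entries, O2 BHOs, O4 Run keys, O33 MountPoints2 autoruns) and
flags what a helper reads first: binaries with no publisher name,
autostart entries pointing at files that no longer exist, orphaned BHO
registrations and cached AutoRun commands. The sample lines are copied
from the log posted later in this thread; the rules and severities are
this example's own heuristics (assumption), not OTL's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# PRC/SRV/DRV/MOD: "KIND - [date | size | attrs | M] (Company) [state] -- path -- (service) ..."
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?-- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\).*)?$"
)
# O2: "O2 - BHO: (name) - {CLSID} - path (Company)"  or  "... - No CLSID value found."
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]*)\} - (?P<rest>.+)$")
# O4: "O4 - HKLM..\Run: [value name] path (Company)"  or  "[...] File not found"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "suspicious" = act on it, "review" = verify by hand
    item: str       # path, CLSID or raw line the finding refers to
    reason: str


def publisher(rest: str) -> str:
    """Return the trailing '(Company)' of an OTL path; '' if blank or absent."""
    m = re.search(r"\(([^()]*)\)\s*$", rest)
    return m.group(1).strip() if m else ""


def triage(log_text: str) -> list[Finding]:
    """Scan OTL log lines and return the entries a helper should look at."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ENTRY_RE.match(line):
            # OTL prints "( )" when the PE has no CompanyName; unsigned OEM
            # tools do this too, so it is a review item, not a verdict.
            if not m["company"].strip():
                findings.append(Finding("review", m["path"], f"{m['kind']} entry without publisher name"))
        elif m := O2_RE.match(line):
            if "No CLSID value found" in m["rest"]:
                findings.append(Finding("review", m["clsid"], "orphaned BHO registration (CLSID has no value)"))
            elif not publisher(m["rest"]):
                findings.append(Finding("review", m["rest"], "BHO without publisher name"))
        elif m := O4_RE.match(line):
            # An autostart value whose target is gone is the typical trace left
            # behind when a rogue's file was deleted but its Run key was not.
            if "File not found" in m["rest"]:
                findings.append(Finding("suspicious", line, f"{m['hive']} {m['key']} value pointing at a missing file"))
        elif line.startswith("O33 - MountPoints2") and "AutoRun" in line:
            findings.append(Finding("review", line, "cached AutoRun command for a removable drive"))
    return findings


def report(findings: list[Finding]) -> str:
    """Render findings as one line each, most severe first."""
    order = {"suspicious": 0, "review": 1}
    rows = sorted(findings, key=lambda f: (order[f.severity], f.item))
    return "\n".join(f"[{f.severity:10}] {f.reason}: {f.item}" for f in rows)


# Constructed sample: a subset of the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011.04.09 17:16:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Test.PC-Florian_808\Desktop\OTL.exe
PRC - [2006.11.03 18:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2006.11.03 18:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
DRV - [2009.12.24 12:31:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O33 - MountPoints2\{8521deef-1b16-11df-9368-002269c38455}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it with an OTL.txt piped in, or as-is against the embedded sample. Note that an empty publisher name only means the binary carries no CompanyName in its version resource; the dlcxcoms.exe entries in this thread's log are a printer driver, so "review" items are verified by hash or path, not deleted on sight. The one "suspicious" hit, a Run value with an empty name and a missing target, is the kind of leftover a helper fixes with an OTL fix script.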
09.04.2011, 17:34
Member

Thread starter

Posts: 47
#4 Thanks for the reply!
Here are the logs from OTL; the rest will follow.

Quote

OTL logfile created on: 09.04.2011 17:20:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Test.PC-Florian_808\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 92,73 Gb Free Space | 32,48% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,16 Gb Free Space | 41,62% Space Free | Partition Type: NTFS

Computer Name: PC-FLORIAN_808 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.09 17:16:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Test.PC-Florian_808\Desktop\OTL.exe
PRC - [2010.10.27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.10.04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2008.09.23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.01.21 04:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.20 14:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\SetPoint.exe
PRC - [2007.01.11 20:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2006.11.03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.03 18:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2004.10.26 22:46:34 | 008,740,864 | R--- | M] (Electronic Arts Inc.) -- C:\Programme\EA SPORTS\NBA LIVE 2005\nba2005.exe


========== Modules (SafeList) ==========

MOD - [2011.04.09 17:16:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Test.PC-Florian_808\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.11.27 23:01:33 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.02.03 15:23:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.10.04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.09.23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.12.03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.11.03 18:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2009.12.24 12:31:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.30 09:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.27 11:07:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.10.23 07:45:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008.10.23 07:45:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.10.23 07:45:54 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.05.13 17:00:16 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2008.03.04 07:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008.03.04 07:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008.01.25 07:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.12.03 06:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.07 11:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007.06.25 11:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007.06.25 11:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007.06.25 11:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007.06.25 11:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007.06.25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007.01.11 20:15:26 | 000,028,048 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.01.11 20:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.01.11 20:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8521deef-1b16-11df-9368-002269c38455}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.03.29 13:48:19 | 000,000,000 | ---D | C] -- C:\Programme\F1
[2011.03.29 13:37:58 | 000,000,000 | ---D | C] -- C:\Programme\F1 2005
[2011.03.23 22:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision Value
[2011.03.23 22:43:49 | 000,000,000 | ---D | C] -- C:\Programme\Activision Value
[2011.03.23 22:34:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Soldier of Fortune 3 - Payback
[2006.11.03 18:07:06 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2006.11.03 18:07:04 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2006.11.03 18:07:02 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2006.10.11 19:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006.10.11 18:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006.10.11 18:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006.10.11 18:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006.10.11 18:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006.10.11 18:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006.10.11 18:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006.10.11 18:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006.10.11 18:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006.10.11 18:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006.10.11 18:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011.04.09 16:48:26 | 000,126,600 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.09 16:48:26 | 000,126,600 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.09 16:14:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.09 16:14:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.09 12:21:29 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.09 12:21:29 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.09 12:21:29 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.09 12:21:29 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.09 12:14:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.09 12:14:44 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.08 20:41:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.08 19:52:36 | 000,283,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.08 18:51:59 | 000,008,268 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011.04.04 20:22:25 | 000,001,616 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.03.23 22:48:59 | 000,002,059 | ---- | M] () -- C:\Users\Admin\Desktop\Soldier of Fortune Payback.lnk
[2011.03.23 15:41:48 | 263,976,952 | ---- | M] () -- C:\Users\Admin\Desktop\Shw_11.1.zip

========== Files Created - No Company Name ==========

[2011.04.08 20:15:59 | 000,126,600 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.08 19:52:57 | 000,126,600 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.04.08 19:52:13 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.04 20:22:25 | 000,001,628 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.04.04 20:22:25 | 000,001,616 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.03.23 23:36:53 | 263,976,952 | ---- | C] () -- C:\Users\Admin\Desktop\Shw_11.1.zip
[2011.03.23 22:48:59 | 000,002,059 | ---- | C] () -- C:\Users\Admin\Desktop\Soldier of Fortune Payback.lnk
[2011.01.06 22:48:16 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.02 18:21:33 | 000,000,481 | ---- | C] () -- C:\Windows\eReg.dat
[2010.01.06 23:06:27 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2009.06.05 17:53:43 | 000,024,576 | ---- | C] () -- C:\Windows\UniFISH.exe
[2009.03.27 21:31:38 | 000,008,268 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009.03.23 23:36:57 | 000,000,038 | ---- | C] () -- C:\Windows\wininit.ini
[2009.02.20 21:03:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.17 15:52:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.17 15:52:11 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.02.11 14:41:02 | 000,000,313 | ---- | C] () -- C:\Windows\game.ini
[2009.02.06 14:40:47 | 000,029,184 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.03 23:40:43 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2009.02.03 23:37:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.03 23:37:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.03 15:47:56 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.02.03 15:06:44 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.02.03 15:01:17 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.02.03 15:01:16 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.02.06 08:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 09:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,283,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 11:31:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2006.10.20 20:57:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006.10.20 20:56:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006.10.20 20:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006.10.20 20:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006.10.20 20:48:38 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006.10.20 03:45:46 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006.10.20 03:45:36 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006.10.20 03:44:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006.10.20 02:37:54 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006.09.22 08:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006.09.06 07:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006.08.08 16:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006.04.24 16:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006.03.19 20:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.10.18 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.10.18 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010.12.05 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010.02.18 20:05:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda
[2010.02.12 15:36:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPhoneExplorer
[2009.02.06 14:26:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2010.12.06 12:55:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\tmp
[2010.12.25 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.04.08 20:41:20 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.02.03 23:40:55 | 000,005,254 | R--- | M] () -- C:\dell.sdr
[2011.04.09 12:14:44 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2009.02.17 15:40:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.04.08 16:08:33 | 000,000,148 | ---- | M] () -- C:\mbam-error.txt
[2009.02.17 15:40:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.04.09 12:14:43 | 4069,675,008 | -HS- | M] () -- C:\pagefile.sys
[2011.04.08 15:56:50 | 000,000,562 | ---- | M] () -- C:\rkill.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.20 02:33:28 | 000,117,760 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\dlcxdrpp.dll
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[1997.10.18 01:00:00 | 000,000,002 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\ArtGalry.cag

< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.10.27 11:07:18 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009.02.03 23:26:16 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll


< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-23 20:25:14

< End of report >

Quote

OTL Extras logfile created on: 09.04.2011 17:20:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Test.PC-Florian_808\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 92,73 Gb Free Space | 32,48% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,16 Gb Free Space | 41,62% Space Free | Partition Type: NTFS

Computer Name: PC-FLORIAN_808 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /x (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DAD41C3-200B-41E6-BF8B-D3DE9D4BAAF2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15A922A7-C41E-4345-9931-4D797F65B03C}" = rport=137 | protocol=17 | dir=out | app=system |
"{2BFA4258-DE89-450C-82D2-B4D3D5BEAB9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{30750399-10AA-44B4-A4A9-EAA78E7139BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3DD53901-7D46-4F3E-A439-CD2604DC338E}" = lport=138 | protocol=17 | dir=in | app=system |
"{4806349C-BA66-421D-A655-524253506B2E}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D1DBA28-DE55-4BCC-86C7-3D898FE07F35}" = lport=139 | protocol=6 | dir=in | app=system |
"{66D6C978-081E-4098-BCAF-83FB724B4D48}" = lport=137 | protocol=17 | dir=in | app=system |
"{6833B138-890E-47D1-8B39-C2BF2282848A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C71E7AD8-ED78-47D9-A374-8B750C8278F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB09AC43-A412-4FD5-934C-8B6D4C3D7E1A}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE0BEA21-B17B-4CA5-8B11-F596D0B2DD8A}" = rport=138 | protocol=17 | dir=out | app=system |
"{D069A7AD-D74B-4744-B677-02D9EA0557BB}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{EAC4DC57-B2BB-4875-9E10-5CB4EC2A97C1}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C9F047-A7FD-4DFA-8BFE-72F9E0C62F13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15759161-3797-4572-82A1-5522E91829BE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{17DA2B1B-43D8-413D-86AA-A4A0FE6C2BA0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{23522109-F495-4BC3-AC61-8A1D154DED3E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{270C6215-6216-4B9F-AD8C-2D53D55847D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2FA173DA-0126-47C1-A4AC-7B969A705572}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{35716EE4-614F-499E-98EF-E4A84862C9FB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{41488D4E-4F43-473A-A045-C2F5CE42181D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49707C1F-66C4-494B-9AC5-8F216260670F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{4A08B280-0DA8-426D-9EF4-31240425EE56}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{4EE370F0-F6F5-44A8-B72E-34476EDE1CDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{606AEE2B-EAFC-4FAC-92DB-708A4A1810E4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{62313F8D-AEBD-430B-832F-544CD5E9D3F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{63AC637D-A646-4352-A3A5-5D233B3BCBC1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{64DE6202-1CE3-4968-8CD7-5F248BCF5547}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{67748B15-C7F7-4246-8B15-DF2ECBEB45BC}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{6DA24E55-BA66-4B69-A256-FF1A17A84877}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{740C6107-5AA3-47DC-9959-3A0F96EE8170}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\cvn_444\counter-strike source\hl2.exe |
"{95303232-BA7F-4937-8B65-D3AFDC325CC8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\cvn_444\counter-strike source\hl2.exe |
"{95C47814-98D8-4B0B-BD01-D2324545721A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{96DCAE46-24AB-4C0A-9D1C-80AF9850BA17}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9A5AE2D1-C0A3-480A-B051-B7333B966696}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9EF3E03F-D726-43D6-88CA-34C20BD35DCD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\cvn_444\day of defeat source\hl2.exe |
"{9F01D9A4-6BF0-4BDD-B793-4F45C3D5183D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F82E689-7B78-415B-B9D0-75C309661604}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{A96BBA59-3B2D-49B4-87BD-7A54BA1F837C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{AA6D7D70-5041-4D92-B152-C95BBF9D1EAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\cvn_444\counter-strike source\hl2.exe |
"{B015E438-EB7B-4B57-914D-D45C628F2FBC}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B8E3A95D-B5DA-457B-96DB-236FA92442A9}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{C1D12D11-B2EC-4ABA-B578-66CAEF9DD6E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CB431A5E-9FF1-4DA3-97C7-EAA7D1AD12CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1A4F68E-4D9D-4DFC-9F4F-9D428178E670}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{D51CDFFE-EB06-4045-9A96-EB355D26AEAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{D551E121-3A09-4732-9CC7-8612D5C6DDB1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D6C2FFFA-D5CC-4F04-9211-89874341852A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{DCD8E028-23B1-42C1-AF58-4B48CC761AED}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{DD57AF71-D23A-49C7-AD82-D47E2A072A0A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\cvn_444\day of defeat source\hl2.exe |
"{E0E2560B-6F3A-44DB-91BC-E3DEB3034BBF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E9865329-DF52-426E-9E1B-FCB00B8F62EC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{EA92D0C1-FD9D-4702-B6B6-F1E40C906D75}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F0054578-C0BE-414C-A1EB-95DAD1A2D940}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\cvn_444\counter-strike source\hl2.exe |
"{F10E86FA-2865-4629-809C-0C7284B67023}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{FB8AC1BC-21FA-4B8D-90D2-D75545DF0334}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{FD974B7A-4E43-47EA-BDF7-F0212B5905BA}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{FFAF0974-5617-4B22-926B-599204C06037}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0246C281-1B09-41CF-AAA2-08D41847F959}C:\program files\activision value\soldier of fortune payback\sof3.exe" = protocol=6 | dir=in | app=c:\program files\activision value\soldier of fortune payback\sof3.exe |
"TCP Query User{03CA7E29-FACF-4608-B935-71A060070464}C:\users\admin\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\blobby\volley.exe |
"TCP Query User{03E40F8B-C85C-4F61-9F41-CA6F6937FBCE}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"TCP Query User{06F488DE-C9C5-456D-8FD0-BEFACE541CB6}C:\program files\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\need for speed most wanted\speed.exe |
"TCP Query User{07D93A14-A40B-4BFF-9A9C-15961FA61911}C:\program files\devolo\informer\devinf.exe" = protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"TCP Query User{0DFFAA5B-7143-4A5F-B0A0-F71FCCF7D4D0}C:\program files\cs1.6\hltv.exe" = protocol=6 | dir=in | app=c:\program files\cs1.6\hltv.exe |
"TCP Query User{108F8A3B-1114-4D6C-8F6C-B8A427AE3E40}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{1205C1B8-2634-4CB4-831A-AAE07CD4A780}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{1B0ECB4D-852F-4CCA-AF9F-7CE518FA83E5}C:\users\admin\desktop\ct\ct.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\ct\ct.exe |
"TCP Query User{26B6EDB4-F75D-481E-AFD3-EB5D87DC5028}C:\users\test.pc-florian_808\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\test.pc-florian_808\desktop\blobby\volley.exe |
"TCP Query User{322F6187-6894-49FE-AAD9-8483FF7C6569}C:\program files\steam\steamapps\cvn_444\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\cvn_444\day of defeat source\hl2.exe |
"TCP Query User{3CB94830-8B0F-495D-97B5-FDF4D9D0501F}C:\program files\hasbro interactive\trivial pursuit\tp.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\trivial pursuit\tp.exe |
"TCP Query User{4DBBC286-F5D9-4042-AE37-FB2C71CEF537}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{56688C99-F80E-4354-BA90-24A46DF738E5}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{599B3E51-D2ED-445B-9574-8AAD923FFCCF}C:\users\admin\desktop\ct\ct.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\ct\ct.exe |
"TCP Query User{5C80A089-5238-4E1C-9216-DBE0A63ABA07}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat |
"TCP Query User{6649DC02-D5F0-42D9-AF03-B5298E3DCE6C}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{68F3B243-5452-4796-891B-8BFB575AEAC8}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat |
"TCP Query User{6E58CE84-BB0C-49BD-AFDA-4126D01465AF}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{6ED1105A-14F9-40D9-9097-4B62877CA06B}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{71E94E99-728A-4A83-988D-4EAC2ED3C639}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{7C653768-5D33-467B-862B-33F2CD71F310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{7F0C9A08-3927-44F2-A06B-CC60DA2B4BCE}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{8193CDFE-222B-42F1-8751-FCD591507A28}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{87D9902F-F953-48CB-9CC5-AE10A6A31D90}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{912722AC-BA8B-4C93-8DA1-FE7F45E73AC3}C:\users\test.pc-florian_808\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\test.pc-florian_808\desktop\blobby\volley.exe |
"TCP Query User{94BF34C4-1900-469E-BE1A-91DEA6E8D394}C:\program files\unreal tournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament\system\unrealtournament.exe |
"TCP Query User{A03FE34E-0B66-4BB5-84E0-CED7EB158274}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{A81D2CD1-AA59-458F-9D67-012C3E5131EB}C:\program files\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\half-life\hl.exe |
"TCP Query User{BC2B9103-93AE-4160-B486-35909C138BFD}C:\users\admin\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe |
"TCP Query User{BD9FBF65-F77C-430D-A88F-2EE1D481DB9B}C:\program files\unreal tournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament\system\unrealtournament.exe |
"TCP Query User{C0B5B1EE-3C40-4A53-933E-6EAF5848ABB7}C:\users\admin\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\blobby\volley.exe |
"TCP Query User{C750DE2B-357E-49E9-9C5A-5A0CDEDF6247}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{D1D38A44-C86A-4A15-B61D-63969D5C90C1}C:\program files\codemasters\operationflashpoint\operationflashpoint.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\operationflashpoint\operationflashpoint.exe |
"TCP Query User{D23CFE2C-4712-4C89-A0C1-965CD3B6CF77}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"TCP Query User{E81BD094-2D60-4B11-BF1E-2A2E132600F0}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{F008EBB4-1BC6-4B48-A68B-D2059D11D80E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F04C274B-BD4A-4356-A764-5DC4AFB10DE2}C:\program files\cs1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\cs1.6\hl.exe |
"TCP Query User{F35BB3A2-DB6F-4E48-A204-D1D30EAE07D9}C:\program files\hasbro interactive\trivial pursuit\tp.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\trivial pursuit\tp.exe |
"UDP Query User{088DCBD3-9316-4F97-80BF-7A092D91F979}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat |
"UDP Query User{1651248C-EF2F-4664-ACB9-81E5A2F82340}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{181C5435-E87D-49D1-9F5B-78DA08A8C6B8}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat |
"UDP Query User{1FCC7D37-807B-427B-9673-6F6630FB940C}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{251B3B4E-3797-41D1-A9C4-8339DFBCBDE5}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{2A87CE94-1A3D-43A9-9319-21A3A22CFC68}C:\program files\cs1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\cs1.6\hl.exe |
"UDP Query User{2D8569CC-0CB3-4B05-BA77-BCAE21EC73A2}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{31E895CD-0524-45E5-999C-8E94E2AB51E4}C:\program files\devolo\informer\devinf.exe" = protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"UDP Query User{345F99C6-47D3-4347-9B26-690AC53D7EE7}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{39A28A15-3C72-401C-99C6-6CD8BAEF5F8D}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{3D6D1FE4-BBF1-42AB-A9CF-38E06B6308DF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3EA49F4A-E0C2-4B12-9262-7791A2FA77FE}C:\program files\hasbro interactive\trivial pursuit\tp.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\trivial pursuit\tp.exe |
"UDP Query User{4435F387-56B9-441E-BC13-23A435076DA3}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"UDP Query User{4A1F6A71-9015-48D8-9090-36AF2DDE57E7}C:\program files\unreal tournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament\system\unrealtournament.exe |
"UDP Query User{4ABBB5DA-EAED-4D3B-AB50-765B1FED485E}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4DBF0CC2-30F5-4451-88FF-DF630555900A}C:\program files\steam\steamapps\cvn_444\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\cvn_444\day of defeat source\hl2.exe |
"UDP Query User{4EDA2B95-87FF-420C-A6BF-B3DDA7230A4D}C:\users\admin\desktop\ct\ct.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\ct\ct.exe |
"UDP Query User{5BC2ED73-792B-438A-8DA4-D121A428CF6B}C:\users\admin\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\blobby\volley.exe |
"UDP Query User{638A46F3-3532-4CE2-93FE-5F96B72681A3}C:\program files\unreal tournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament\system\unrealtournament.exe |
"UDP Query User{675DB1C4-B58A-4349-B420-9ADF0DFC9D2F}C:\program files\cs1.6\hltv.exe" = protocol=17 | dir=in | app=c:\program files\cs1.6\hltv.exe |
"UDP Query User{7A9028D5-DE4E-4863-AE13-077D6814C39B}C:\users\test.pc-florian_808\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\test.pc-florian_808\desktop\blobby\volley.exe |
"UDP Query User{7FA89435-4D12-476D-9C44-F15ED6DBF50E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{8FD4290A-9FBA-4CE0-9DBC-B5E5F565880D}C:\users\test.pc-florian_808\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\test.pc-florian_808\desktop\blobby\volley.exe |
"UDP Query User{A88C15F4-5806-4F6A-9FBC-CA41405C939E}C:\program files\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\half-life\hl.exe |
"UDP Query User{AA2FC4BC-6486-4800-B98C-60746FB03A92}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{ABB72A65-10E6-4953-B4AD-5F7D6676AC74}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat |
"UDP Query User{AE634FE5-2CE0-408D-9149-0F578A591F5C}C:\users\admin\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\blobby\volley.exe |
"UDP Query User{B5BA8583-0BE3-4490-A326-DEE31BB31D01}C:\program files\activision value\soldier of fortune payback\sof3.exe" = protocol=17 | dir=in | app=c:\program files\activision value\soldier of fortune payback\sof3.exe |
"UDP Query User{B5ED19BE-F662-4311-A9F4-A88E6E8EEF8F}C:\program files\codemasters\operationflashpoint\operationflashpoint.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\operationflashpoint\operationflashpoint.exe |
"UDP Query User{BE33F7EC-530F-4EC3-AB13-3822B081DCFC}C:\users\admin\desktop\ct\ct.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\ct\ct.exe |
"UDP Query User{BEBB903C-3A13-4AFE-940C-F9DEE5C7900F}C:\program files\hasbro interactive\trivial pursuit\tp.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\trivial pursuit\tp.exe |
"UDP Query User{C8896304-4863-4DD3-B7B1-4C6B077F3D6D}C:\program files\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\need for speed most wanted\speed.exe |
"UDP Query User{CA863ABC-3B8F-4294-8CD7-32225B5E639F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CD692968-7CE7-4898-A29B-16D1E78A4B12}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{DC84CED0-6A1B-4D1E-94AF-E2C03CC84A6C}C:\users\admin\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe |
"UDP Query User{E037833D-2251-4389-B10B-F9216782FB90}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{E2214790-26C3-4819-9F12-ACFB3343C35A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{E3180940-B8B6-452A-BABC-2B5A66D6402B}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{F56FC070-CD54-434F-9EB7-904D608085D2}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{11BFB898-71E5-488A-A8FF-0E462667FB72}" = Soldier of Fortune Payback
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{28CC29B1-2F66-4671-0081-651745DB4A2E}" = NBA LIVE 2005
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14
"{35A3A4F4-B792-11D6-A78A-00B0D0142060}" = Java 2 SDK, SE v1.4.2_06
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1DC8D4-9FA4-43C3-00B3-5993B4BBE7D4}" = FIFA 2003
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{766FF098-68AB-48BE-BF41-05708D178198}" = Wer wird Millionär
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C31C79CA-EA60-4F9F-8FFB-749D778C134F}" = Tennis Masters Series 2003
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"DivX Setup.divx.com" = DivX-Setup
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.01.1190" = Opera 11.01
"Operation Flashpoint" = Operation Flashpoint uninstall
"PHP Coder_is1" = PHP Coder Release R2 Final PreRelease 3
"PokerStars" = PokerStars
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Tomb Raider: Underworld Demo" = Tomb Raider: Underworld Demo 1.0
"Trivial Pursuit" = Trivial Pursuit
"TVUPlayer" = TVUPlayer 2.5.2.2
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VideoLAN VLC media player 0.8.6h
"vShare" = vShare Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"sc11-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 11
"ShockWave V0.95" = ShockWave V0.95

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 24.03.2011 15:37:07 | Computer Name = PC-Florian_808 | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2011 18:20:20 | Computer Name = PC-Florian_808 | Source = EventSystem | ID = 4621
Description =

Error - 25.03.2011 07:39:35 | Computer Name = PC-Florian_808 | Source = WinMgmt | ID = 10
Description =

Error - 25.03.2011 10:29:59 | Computer Name = PC-Florian_808 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung opera.exe, Version 9.63.10476.0, Zeitstempel
0x4940357c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000096, Fehleroffset 0x00333343, Prozess-ID 0x12a0, Anwendungsstartzeit
01cbeae1e0201e56.

Error - 25.03.2011 10:30:36 | Computer Name = PC-Florian_808 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung opera.exe, Version 9.63.10476.0, Zeitstempel
0x4940357c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000096, Fehleroffset 0x0035629b, Prozess-ID 0x2170, Anwendungsstartzeit
01cbeaf925058ac6.

Error - 25.03.2011 13:11:51 | Computer Name = PC-Florian_808 | Source = EventSystem | ID = 4621
Description =

Error - 26.03.2011 07:37:33 | Computer Name = PC-Florian_808 | Source = WinMgmt | ID = 10
Description =

Error - 26.03.2011 09:28:36 | Computer Name = PC-Florian_808 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung speed.exe, Version 0.0.0.0, Zeitstempel 0x4366dae4,
fehlerhaftes Modul speed.exe, Version 0.0.0.0, Zeitstempel 0x4366dae4, Ausnahmecode
0xc0000005, Fehleroffset 0x000229fc, Prozess-ID 0x1674, Anwendungsstartzeit 01cbebb51336dca1.

Error - 26.03.2011 09:28:56 | Computer Name = PC-Florian_808 | Source = | ID = 0
Description =

Error - 26.03.2011 09:28:56 | Computer Name = PC-Florian_808 | Source = | ID = 0
Description =

[ Broadcom Wireless LAN Events ]
Error - 06.04.2011 17:48:10 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 23:48:10, Wed, Apr 06, 11 Error - User "" does not have administrative
privileges on this system

Error - 06.04.2011 17:48:10 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 23:48:10, Wed, Apr 06, 11 Error - User "" does not have administrative
privileges on this system

Error - 07.04.2011 15:53:28 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 21:53:28, Thu, Apr 07, 11 Error - User "" does not have administrative
privileges on this system

Error - 07.04.2011 15:53:28 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 21:53:28, Thu, Apr 07, 11 Error - User "" does not have administrative
privileges on this system

Error - 07.04.2011 16:42:03 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 22:42:03, Thu, Apr 07, 11 Error - User "" does not have administrative
privileges on this system

Error - 07.04.2011 16:42:03 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 22:42:03, Thu, Apr 07, 11 Error - User "" does not have administrative
privileges on this system

Error - 08.04.2011 12:01:33 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 18:01:33, Fri, Apr 08, 11 Error - User "" does not have administrative
privileges on this system

Error - 08.04.2011 12:01:33 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 18:01:33, Fri, Apr 08, 11 Error - User "" does not have administrative
privileges on this system

Error - 08.04.2011 14:41:15 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 20:41:15, Fri, Apr 08, 11 Error - User "" does not have administrative
privileges on this system

Error - 08.04.2011 14:41:15 | Computer Name = PC-Florian_808 | Source = WLAN-Tray | ID = 0
Description = 20:41:15, Fri, Apr 08, 11 Error - User "" does not have administrative
privileges on this system

[ System Events ]
Error - 08.04.2011 12:04:19 | Computer Name = PC-Florian_808 | Source = Service Control Manager | ID = 7026
Description =

Error - 08.04.2011 12:04:19 | Computer Name = PC-Florian_808 | Source = Service Control Manager | ID = 7001
Description =

Error - 08.04.2011 12:04:19 | Computer Name = PC-Florian_808 | Source = Service Control Manager | ID = 7001
Description =

Error - 08.04.2011 12:04:19 | Computer Name = PC-Florian_808 | Source = Service Control Manager | ID = 7001
Description =

Error - 08.04.2011 12:04:19 | Computer Name = PC-Florian_808 | Source = Service Control Manager | ID = 7001
Description =

Error - 08.04.2011 12:04:52 | Computer Name = PC-Florian_808 | Source = Service Control Manager | ID = 7001
Description =

Error - 08.04.2011 13:52:28 | Computer Name = PC-Florian_808 | Source = HTTP | ID = 15016
Description =

Error - 08.04.2011 13:53:56 | Computer Name = PC-Florian_808 | Source = DCOM | ID = 10016
Description =

Error - 09.04.2011 06:14:51 | Computer Name = PC-Florian_808 | Source = HTTP | ID = 15016
Description =

Error - 09.04.2011 06:16:00 | Computer Name = PC-Florian_808 | Source = DCOM | ID = 10016
Description =


< End of report >
Regards,
CVN
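The firewall section of the OTL log above lists one inbound allow rule per application, and among them are rules for binaries under the user profile (a `javaw.exe` unpacked into `AppData\Local\Temp` by an installer, a `ct.exe` on the desktop). As an added example, not part of OTL or of this thread, the following Python script parses rule lines in that format, groups them per application, and flags rules whose program sits in a user-writable location such as `%TEMP%`, Desktop or Downloads, which is where dropped executables usually end up. The flag only says "confirm this one against a known installer or game"; `is_user_writable` and the directory list are heuristics of this example, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# One OTL firewall rule line, as in the log above:
#   "TCP Query User{GUID}C:\path\app.exe" = protocol=6 | dir=in | app=c:\path\app.exe |
RULE_RE = re.compile(
    r'^"(?:TCP|UDP) Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}[^"]*"'
    r'\s*=\s*protocol=(?P<protocol>\d+)\s*\|\s*dir=(?P<dir>\w+)\s*\|\s*app=(?P<app>[^|]+?)\s*\|?\s*$'
)

# Profile sub-directories any process running as the user can write to.
# Flagging an inbound allow rule for a binary living there is a heuristic of
# this example (not an OTL feature); it only marks the rule for a closer look.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\desktop\\",
    "\\downloads\\",
)

PROTO_NAMES = {6: "TCP", 17: "UDP"}


@dataclass(frozen=True)
class FirewallRule:
    guid: str
    protocol: int
    direction: str
    app: str

    @property
    def proto_name(self) -> str:
        return PROTO_NAMES.get(self.protocol, str(self.protocol))


def parse_rules(text: str) -> list:
    """Parse every rule line found in `text`; unrelated lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(FirewallRule(m["guid"].upper(), int(m["protocol"]),
                                      m["dir"].lower(), m["app"].strip().lower()))
    return rules


def is_user_writable(app_path: str) -> bool:
    """True when the program lives in a directory the user can write to."""
    p = app_path.lower()
    return p.startswith("c:\\users\\") and any(d in p for d in USER_WRITABLE_DIRS)


def flag_user_writable(rules) -> list:
    """Rules whose program lives in a user-writable profile directory."""
    return [r for r in rules if is_user_writable(r.app)]


def group_by_app(rules) -> dict:
    """Map each application path to the sorted protocol names it has rules for."""
    grouped = defaultdict(set)
    for r in rules:
        grouped[r.app].add(r.proto_name)
    return {app: sorted(protos) for app, protos in sorted(grouped.items())}


# Sample input: five rule lines copied from the OTL log above.
SAMPLE_RULES = r'''
"TCP Query User{599B3E51-D2ED-445B-9574-8AAD923FFCCF}C:\users\admin\desktop\ct\ct.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\ct\ct.exe |
"TCP Query User{6649DC02-D5F0-42D9-AF03-B5298E3DCE6C}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{BC2B9103-93AE-4160-B486-35909C138BFD}C:\users\admin\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe |
"UDP Query User{4ABBB5DA-EAED-4D3B-AB50-765B1FED485E}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4EDA2B95-87FF-420C-A6BF-B3DDA7230A4D}C:\users\admin\desktop\ct\ct.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\ct\ct.exe |
'''

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for app, protos in group_by_app(rules).items():
        marker = "CHECK" if is_user_writable(app) else "ok   "
        print(f"{marker} {'/'.join(protos):7} {app}")
```

Run over the full firewall section, the output is a short per-application list in which the few "CHECK" lines are the ones to reconcile with the software actually installed (the uninstall list further down the same log is the natural cross-reference).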
10.04.2011, 19:21
Moderator

Posts: 5694
#5 AntiVir - copy out the detections

Right-click the AntiVir umbrella icon in the taskbar => Start AntiVir => Overview => Events
Click on Type so that the events are sorted by type.
Select each detection (not all events, only detections) => right-click on the detections => Export event(s)
and save as Ereignisse.txt on the desktop and post the contents here.
10.04.2011, 20:59
Member

Thread starter

Posts: 47
#6 Here you go:

Exported events:

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'JAVA/Exdoer.BC.1 [virus]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\jar_cache5190352773877334548.tm
p.
Action performed: Delete file

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'JAVA/Exdoer.BC.1 [virus]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\jar_cache5190352773877334548.tm
p.
Action performed: Delete file

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.EPACK.Gen2 [trojan]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\Adobe_Flash_Player.exe.
Action performed: Delete file

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'JAVA/Exdoer.BC.1 [virus]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\jar_cache5190352773877334548.tm
p.
Action performed: Delete file

08.04.2011 15:49 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.EPACK.Gen2 [trojan]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\Adobe_Flash_Player.exe.
Action performed: Delete file

I haven't gotten to the other scan yet, because it is quite time-consuming.
My PC is currently running completely normally in terms of speed and everything seems to be fine.
I think that is also important for you to know.

Thanks!
Regards,
CVN
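The export above repeats the same Guard event several times per file (five events, two distinct files) and wraps long paths across lines, so the `.tmp` extension of the jar_cache file is split as `.tm` / `p.`. As an added example, not part of this thread or of AntiVir, here is a Python parser for that export format that reassembles wrapped paths, collapses repeated events into one finding per (file, detection name) with a count, and groups findings by directory, which makes it visible at a glance that the Java detection and the executable named after Flash Player were both in the same Temp directory. The sample input is the export above; the function names are my own.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Event header, e.g. "08.04.2011 15:50 [Guard] Malware found"
HEADER_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[(\w+)\] (.+)$")
# Detection name, e.g. "Virus or unwanted program 'JAVA/Exdoer.BC.1 [virus]'"
NAME_RE = re.compile(r"^Virus or unwanted program '(.+?) \[(\w+)\]'$")
ACTION_RE = re.compile(r"^Action performed: (.+)$")


def _join_path(parts):
    """Re-join a path the export wrapped across lines. The export prints an
    opening quote, the path and a trailing period, so both are stripped."""
    return "".join(parts).rstrip(".").strip("'")


def parse_events(text):
    """Turn an AntiVir 'Exported events' text into a list of event dicts."""
    events, cur, path_parts = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER_RE.match(line.strip())
        if m:
            cur = {"time": datetime.strptime(m[1], "%d.%m.%Y %H:%M"), "component": m[2],
                   "status": m[3], "name": None, "category": None, "path": None, "action": None}
            events.append(cur)
            path_parts = None
            continue
        if cur is None:              # preamble such as "Exported events:"
            continue
        m = NAME_RE.match(line.strip())
        if m:
            cur["name"], cur["category"] = m[1], m[2]
            continue
        if line.strip() == "detected in file":
            path_parts = []          # following lines up to the action are the path
            continue
        m = ACTION_RE.match(line.strip())
        if m:
            cur["action"] = m[1]
            if path_parts is not None:
                cur["path"] = _join_path(path_parts)
                path_parts = None
            continue
        if path_parts is not None:
            path_parts.append(line)  # not stripped: a wrap may fall on a space
    return events


def unique_findings(events):
    """Collapse repeated Guard events into one entry per (path, detection name)."""
    counts = Counter((e["path"], e["name"]) for e in events)
    return [{"path": p, "name": n, "count": c} for (p, n), c in sorted(counts.items())]


def by_directory(events):
    """Group detection names by the directory they were found in. The paths are
    Windows paths, so ntpath is used even when this runs on a non-Windows host."""
    grouped = {}
    for e in events:
        grouped.setdefault(ntpath.dirname(e["path"]), set()).add(e["name"])
    return {d: sorted(names) for d, names in sorted(grouped.items())}


# Sample input: the export posted above, wrapped lines included.
SAMPLE_EXPORT = r"""Exported events:

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'JAVA/Exdoer.BC.1 [virus]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\jar_cache5190352773877334548.tm
p.
Action performed: Delete file

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'JAVA/Exdoer.BC.1 [virus]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\jar_cache5190352773877334548.tm
p.
Action performed: Delete file

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.EPACK.Gen2 [trojan]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\Adobe_Flash_Player.exe.
Action performed: Delete file

08.04.2011 15:50 [Guard] Malware found
Virus or unwanted program 'JAVA/Exdoer.BC.1 [virus]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\jar_cache5190352773877334548.tm
p.
Action performed: Delete file

08.04.2011 15:49 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.EPACK.Gen2 [trojan]'
detected in file
'C:\Users\Test.PC-Florian_808\AppData\Local\Temp\Adobe_Flash_Player.exe.
Action performed: Delete file
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE_EXPORT)
    for f in unique_findings(evs):
        print(f"{f['count']}x {f['name']:22} {f['path']}")
    for d, names in by_directory(evs).items():
        print(f"{d}: {', '.join(names)}")
```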
10.04.2011, 21:37
Moderator

Posts: 5694
#7 Then do it when you have time.
12.04.2011, 17:54
Member

Thread starter

Posts: 47
#8 So, I have now taken the time to run the test, but the program hangs every time after only about 3 minutes.
What can I do now? I tried it four times, but each time Windows reports that the program has stopped working.

Regards,
CVN
12.04.2011, 18:41
Moderator

Posts: 5694
#9 You mean with GMER, right?
12.04.2011, 19:00
Member

Thread starter

Posts: 47
#10 Oh, yes, exactly. I had already run OTL and posted the logs.
12.04.2011, 21:03
Moderator

Posts: 5694
#11 ESET Online Scanner

Please switch on any external hard disks you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.


Note for Vista and Win7 users: be sure to start the browser as administrator.
• Disable your anti-virus program during the scan.
• Press the button.
Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users must allow the installation of an ActiveX element.
• Tick the box for Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick "Remove found threats" and "Scan archives".
• Press the button.
• The signatures are downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
• Post the logfile here.
13.04.2011, 18:06
Member

Thread starter

Posts: 47
#12 Here is a log of my scans. Plural, because I always scanned in pieces due to time constraints.

Quote

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=aec2785b4c8fdc468eac38f98a3a06e1
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-12 10:10:52
# local_time=2011-04-13 12:10:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 287772 75293570 76548 0
# compatibility_mode=5892 16776573 100 100 1727425 140168183 0 0
# compatibility_mode=8192 67108863 100 0 178 178 0 0
# scanned=178677
# found=1
# cleaned=1
# scan_time=10797
C:\Users\Admin\Downloads\MyPhoneExplorer_Setup_1.7.5.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=aec2785b4c8fdc468eac38f98a3a06e1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-13 02:43:03
# local_time=2011-04-13 04:43:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 354076 75359874 56453 0
# compatibility_mode=5892 16776573 100 100 1793729 140234487 0 0
# compatibility_mode=8192 67108863 100 0 66482 66482 0 0
# scanned=100848
# found=0
# cleaned=0
# scan_time=4024
The detected trojan is probably a false alarm. That's a program I downloaded from Chip, which is for saving phone stuff like SMS.

Regards,
CVN
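The two ESET logs above were pasted back to back. The first one ends with `end=stopped`, meaning it was interrupted after 178677 objects, and the second with `end=finished` after 100848 objects, so neither run alone says what was covered; only the pair, read together with each run's completeness flag, does. As an added example, not part of ESET or of this thread, the following Python parser splits the pasted text into runs, reads the `# key=value` header (keeping repeated `compatibility_mode` keys as a list), parses detection lines into path, threat name, kind, action and hash, and reports how many runs were incomplete, so that a `found=0` from a partial run is not mistaken for a clean result. The sample is an excerpt of the logs above with header lines shortened; `_split_path_threat` uses a heuristic of mine to cope with paths that contain spaces.

```python
import re

RUN_START = "ESETSmartInstaller@High as downloader log:"
INT_KEYS = {"scanned", "found", "cleaned", "scan_time"}
# Detection line: <path> <threat description> (<action>) <32-hex hash> <flags>
DETECTION_RE = re.compile(
    r"^(?P<body>.+?) \((?P<action>[^()]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flags>\S+)$"
)
# Words ESET puts in front of the Family/Name token ("a variant of", "probably a variant of").
THREAT_PREFIX_WORDS = {"a", "variant", "of", "probably"}


def _split_path_threat(body):
    """Split '<path> <threat> <kind>' where the path may contain spaces.
    Heuristic of this example: the threat name is the first token containing '/'
    (e.g. Win32/Adware.ADON); ESET's 'a variant of' wording before it is kept."""
    tokens = body.split(" ")
    idx = next((i for i, t in enumerate(tokens) if "/" in t), None)
    if idx is None:
        return body, "", ""
    start = idx
    while start > 0 and tokens[start - 1] in THREAT_PREFIX_WORDS:
        start -= 1
    return (" ".join(tokens[:start]), " ".join(tokens[start:idx + 1]),
            " ".join(tokens[idx + 1:]))


def parse_eset_log(text):
    """Split concatenated ESET Online Scanner logs into runs with header and detections."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_START:
            cur = {"header": {}, "detections": []}
            runs.append(cur)
            continue
        if cur is None or not line or line == "all ok":
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            value = value.strip().strip('"')
            if key in INT_KEYS:
                value = int(value)
            if key in cur["header"]:   # repeated key (compatibility_mode): keep all values
                prev = cur["header"][key]
                cur["header"][key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                cur["header"][key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            path, threat, kind = _split_path_threat(m["body"])
            cur["detections"].append({"path": path, "threat": threat, "kind": kind,
                                      "action": m["action"], "hash": m["hash"].lower()})
    for run in runs:
        # end=finished means the scan ran to completion; anything else (stopped) is partial.
        run["complete"] = run["header"].get("end") == "finished"
    return runs


def summarize(runs):
    """Totals over all runs plus the number of runs that did not finish."""
    return {
        "runs": len(runs),
        "incomplete_runs": sum(1 for r in runs if not r["complete"]),
        "scanned": sum(r["header"].get("scanned", 0) for r in runs),
        "found": sum(r["header"].get("found", 0) for r in runs),
        "cleaned": sum(r["header"].get("cleaned", 0) for r in runs),
        "detections": [d for r in runs for d in r["detections"]],
    }


# Sample input: an excerpt of the two logs posted above (header lines shortened).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScanner.ocx=1.0.0.6425
# end=stopped
# remove_checked=true
# archives_checked=true
# utc_time=2011-04-12 10:10:52
# country="Germany"
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 287772 75293570 76548 0
# scanned=178677
# found=1
# cleaned=1
# scan_time=10797
C:\Users\Admin\Downloads\MyPhoneExplorer_Setup_1.7.5.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# utc_time=2011-04-13 02:43:03
# country="Germany"
# scanned=100848
# found=0
# cleaned=0
# scan_time=4024
"""

if __name__ == "__main__":
    s = summarize(parse_eset_log(SAMPLE_LOG))
    print(f"{s['runs']} run(s), {s['incomplete_runs']} incomplete, "
          f"{s['scanned']} objects scanned, {s['found']} found / {s['cleaned']} cleaned")
    for d in s["detections"]:
        print(f"  {d['threat']} ({d['kind']}) in {d['path']} -> {d['action']}")
```

The all-zero hash on the page's detection line is kept as-is; the parser does not interpret it.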
13.04.2011, 19:50
Moderator

Posts: 5694
#13 Any more problems?
13.04.2011, 20:11
Member

Thread starter

Posts: 47
#14 There weren't really any problems, except for the one strange message that came up when installing some software:

Quote

The installer you are trying to use is corrupted or incomplete.
This could be the result of a damaged disk, a failed download or a virus.

You may want to contact the author of this installer to obtain a new copy.

It may be possible to skip this check using the /NCRC command line switch
(NOT RECOMMENDED).
But as it looks, the message has nothing to do with the trojan, since various scans found no trojans ;)
I hope that can be said in such general terms now ;)

Thanks for your help *thumbs up*
Regards,
CVN
13.04.2011, 22:13
Moderator

Posts: 5694
#15 Did that happen with only one program?