Log Analysis and Evaluation: Problem with LAN connections - virus problem or not? (Windows 7)
13.08.2012, 20:55 | #1
Problem with LAN connections - virus problem or not?

Hello, this is my first post. I'm really at a loss about my private computer (Windows Vista 32-bit) and unfortunately don't know whether it's a Windows problem or even a malware problem.

It takes an unusually long time (30 s to 1 min) until the browser establishes a connection. That is, I start the browser, open a tab, and then I can wait. Other programs have just as much trouble getting a connection; for example, after plugging in new devices, Windows Update doesn't finish even after 24 hours. I'm connected to the Internet via a LAN cable over VDSL50. Other computers that go online via WLAN are not affected by the problem, and IPTV (T-Home, i.e. television) also works flawlessly. If I enter an IP address in the address bar instead of the www address, the connection to the website is established within seconds. So at first I thought of a DNS problem at the provider, but I can ping the primary and secondary DNS servers without problems, and the nslookup command returns an answer immediately for all queried addresses. So that's probably not the problem.

What puzzles me:

a) When I open the Network and Sharing Center in the Control Panel, an empty page appears and the computer hangs. After a while explorer.exe crashes. I suspected a problem with netcenter.dll and re-registered it with regsvr32 netcenter.dll. That didn't help, so I ran sfc /scannow, but that didn't change anything either. I read on the Internet that crashes of explorer.exe can have to do with viruses and the like, which gives me pause.

b) Spybot Search & Destroy can't find anything. A virus scan with Avira AntiVir found EXP/CVE-2010-0840.FH, but under a user who never has admin rights. I regularly update the Java versions; currently I'm on Java 6 Update 33, and I always uninstall the old Java versions.

c) I received a spam e-mail that lists my password as the recipient. Since I've used this password in many shops for years, any of the umpteen databases could well have been compromised. What remains is an uneasy feeling.

I would be very grateful if someone would be kind enough to take a look at the logs to see whether there's anything unusual. I ran defogger, OTL and Gmer on the computer; here are the logs, and many thanks in advance for any tip:

OTL logfile created on: 12.08.2012 08:50:10 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\kreien\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 56,46% Memory free
6,70 Gb Paging File | 5,32 Gb Available in Paging File | 79,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,80 Gb Total Space | 85,71 Gb Free Space | 36,82% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 7,05 Gb Free Space | 1,51% Space Free | Partition Type: NTFS
Drive G: | 254,52 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,73 Gb Total Space | 0,06 Gb Free Space | 1,65% Space Free | Partition Type: NTFS

Computer Name: KREIEN-PC | User Name: kreien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.12 08:43:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\kreien\Desktop\OTL.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 12:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012.07.04 08:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.07.04 08:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.07.04 01:34:42 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.04.05 21:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Programme\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012.03.30 04:18:51 | 003,537,920 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe
PRC - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2010.05.25 16:09:26 | 000,289,792 | ---- | M] (Mediafour Corporation) -- C:\Programme\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010.05.21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010.05.21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.05.21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010.05.21 00:56:12 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010.05.04 14:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.21 04:22:44 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.04 07:09:18 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.07.04 01:34:48 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012.07.04 01:16:08 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.06.14 08:01:17 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 07:59:49 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 07:57:40 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 07:57:34 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 07:57:16 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 07:56:08 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.10 14:16:35 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.10 07:54:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 07:54:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.10 07:52:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 07:52:15 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.10 07:52:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 07:51:49 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.10 07:51:40 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 07:51:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.03.21 14:10:22 | 002,941,440 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll
MOD - [2012.03.09 09:46:20 | 000,110,080 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_36_Win32.dll
MOD - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.01.07 10:54:16 | 000,047,616 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy_04.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.08.04 17:37:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.11 16:34:54 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.04 08:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.04 01:34:42 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.29 20:54:58 | 000,505,264 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2010.05.21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.05.21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.05.21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010.05.20 23:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.05.04 14:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.04.27 16:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.21 04:23:48 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.07.04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.07.04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.07.04 07:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.06.16 23:11:39 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012.06.16 23:11:39 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012.04.29 09:26:56 | 000,363,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2012.03.05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.08.03 23:18:48 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2010.12.16 06:06:46 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.21 00:56:56 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010.05.21 00:56:56 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010.05.21 00:55:04 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010.05.21 00:53:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010.05.20 23:40:08 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010.05.20 21:19:20 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010.05.20 21:19:20 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010.05.18 09:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010.04.28 15:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010.04.27 16:41:40 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010.03.10 04:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.02.08 09:54:42 | 000,028,208 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2010.01.13 12:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.02.25 18:58:56 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPEWSFXBULK)
DRV - [2008.08.06 14:05:40 | 000,018,432 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ubfwnet6.sys -- (UBFWNet6)
DRV - [2008.08.06 13:53:28 | 000,039,424 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2008.08.06 13:52:58 | 000,017,408 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2008.08.06 13:48:00 | 000,114,688 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ubohci.sys -- (ubohci)
DRV - [2008.01.21 04:21:35 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2007.10.12 10:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007.05.31 08:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.12.19 11:52:36 | 000,081,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV - [2006.12.19 11:50:42 | 000,063,488 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NmSerial.sys -- (nmserial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {001192E5-0691-4293-96B9-4014A786E411}
IE - HKCU\..\SearchScopes\{001192E5-0691-4293-96B9-4014A786E411}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {271A3CF5-5A54-447B-A08F-BE805F0DA60A}:3.3.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.04 17:37:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 23:15:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.04 17:37:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 23:15:02 | 000,000,000 | ---D | M]

[2010.05.29 21:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kreien\AppData\Roaming\mozilla\Extensions
[2011.05.21 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kreien\AppData\Roaming\mozilla\Firefox\Profiles\tizvc4dg.default\extensions
[2010.08.06 22:39:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kreien\AppData\Roaming\mozilla\Firefox\Profiles\tizvc4dg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 22:44:26 | 000,000,000 | ---D | M] (DDBAC) -- C:\Users\kreien\AppData\Roaming\mozilla\Firefox\Profiles\tizvc4dg.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2012.06.16 23:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.16 23:15:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.16 23:15:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.04 17:37:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.08 12:34:40 | 000,403,693 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13965 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C565974-48F4-47D0-8626-EE59D1DCC2EB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.03.12 08:06:58 | 000,000,049 | R--- | M]
() - G:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{894a0713-6786-11df-89c5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{894a0713-6786-11df-89c5-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Launcher.exe -- [2011.02.21 15:31:04 | 010,056,560 | R--- | M] (EIZO NANAO CORPORATION) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.12 08:43:33 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\kreien\Desktop\OTL.exe [2012.08.11 18:27:43 | 000,000,000 | ---D | C] -- C:\Users\kreien\AppData\Roaming\Avira [2012.08.11 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.11 18:19:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.08.11 18:19:17 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.08.11 18:19:17 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.08.11 18:19:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.08.11 18:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.11 18:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.08.04 18:02:59 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2012.08.04 18:02:57 | 007,783,768 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2012.08.04 18:02:57 | 007,161,696 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2012.08.04 18:02:57 | 001,185,112 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxAudioRealtek2.dll [2012.08.04 18:02:57 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2012.08.04 18:02:57 | 000,351,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2012.08.04 18:02:57 | 000,350,552 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2012.08.04 18:02:57 | 000,105,824 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2012.08.04 18:02:57 | 000,091,488 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2012.08.04 18:02:57 | 000,061,792 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2012.08.04 18:02:56 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012.08.04 18:02:56 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2012.08.04 18:02:56 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2012.08.04 18:02:56 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2012.08.04 17:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012.08.04 17:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.08.04 17:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2012.08.04 17:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center ========== Files - Modified Within 30 Days ========== [2012.08.12 08:47:06 | 000,000,000 | ---- | M] () -- C:\Users\kreien\defogger_reenable [2012.08.12 08:45:21 | 000,302,592 | ---- | M] () -- C:\Users\kreien\Desktop\pclei82e.exe [2012.08.12 08:43:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\kreien\Desktop\OTL.exe [2012.08.12 08:42:37 | 000,050,477 | ---- | M] () -- C:\Users\kreien\Desktop\Defogger.exe [2012.08.12 08:33:41 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.08.12 08:33:25 | 000,004,224 | 
-H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 08:33:25 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 08:33:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.12 08:33:16 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys [2012.08.11 18:24:29 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.11 16:59:51 | 000,000,680 | ---- | M] () -- C:\Users\kreien\AppData\Local\d3d9caps.dat [2012.08.11 09:20:55 | 000,317,272 | ---- | M] () -- C:\Users\kreien\AppData\Local\census.cache [2012.08.11 09:20:39 | 000,201,769 | ---- | M] () -- C:\Users\kreien\AppData\Local\ars.cache [2012.08.11 08:51:17 | 000,000,036 | ---- | M] () -- C:\Users\kreien\AppData\Local\housecall.guid.cache [2012.08.04 18:02:59 | 001,725,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2012.08.04 18:02:57 | 007,783,768 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2012.08.04 18:02:57 | 007,161,696 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2012.08.04 18:02:57 | 001,185,112 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll [2012.08.04 18:02:57 | 000,709,976 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2012.08.04 18:02:57 | 000,351,072 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2012.08.04 18:02:57 | 000,350,552 | ---- | M] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxVolumeSDAPO.dll [2012.08.04 18:02:57 | 000,293,889 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.08.04 18:02:57 | 000,105,824 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2012.08.04 18:02:57 | 000,091,488 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2012.08.04 18:02:57 | 000,061,792 | ---- | M] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2012.08.04 18:02:56 | 002,193,472 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012.08.04 18:02:56 | 000,421,744 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2012.08.04 18:02:56 | 000,398,192 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2012.08.04 18:02:56 | 000,335,216 | ---- | M] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2012.07.18 23:06:03 | 000,710,756 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2012.07.18 23:06:03 | 000,706,176 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012.07.18 23:06:03 | 000,696,782 | ---- | M] () -- C:\Windows\System32\prfh0816.dat [2012.07.18 23:06:03 | 000,694,872 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2012.07.18 23:06:03 | 000,680,612 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2012.07.18 23:06:03 | 000,636,060 | ---- | M] () -- C:\Windows\System32\perfh01D.dat [2012.07.18 23:06:03 | 000,628,922 | ---- | M] () -- C:\Windows\System32\perfh01F.dat [2012.07.18 23:06:03 | 000,490,644 | ---- | M] () -- C:\Windows\System32\perfh014.dat [2012.07.18 23:06:03 | 000,413,454 | ---- | M] () -- C:\Windows\System32\perfh012.dat [2012.07.18 23:06:03 | 000,382,868 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2012.07.18 23:06:03 | 000,373,170 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2012.07.18 23:06:03 | 000,151,062 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012.07.18 23:06:03 | 000,149,474 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2012.07.18 23:06:03 | 000,148,740 | ---- | M] () 
-- C:\Windows\System32\prfc0816.dat [2012.07.18 23:06:03 | 000,147,160 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2012.07.18 23:06:03 | 000,143,124 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2012.07.18 23:06:03 | 000,139,024 | ---- | M] () -- C:\Windows\System32\perfc01D.dat [2012.07.18 23:06:03 | 000,136,810 | ---- | M] () -- C:\Windows\System32\perfc01F.dat [2012.07.18 23:06:03 | 000,119,616 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2012.07.18 23:06:03 | 000,119,610 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2012.07.18 23:06:03 | 000,097,572 | ---- | M] () -- C:\Windows\System32\perfc014.dat [2012.07.18 23:06:02 | 000,711,944 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012.07.18 23:06:02 | 000,710,022 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2012.07.18 23:06:02 | 000,705,306 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012.07.18 23:06:02 | 000,673,822 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.18 23:06:02 | 000,648,580 | ---- | M] () -- C:\Windows\System32\perfh00E.dat [2012.07.18 23:06:02 | 000,636,622 | ---- | M] () -- C:\Windows\System32\perfh005.dat [2012.07.18 23:06:02 | 000,634,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.18 23:06:02 | 000,602,012 | ---- | M] () -- C:\Windows\System32\perfh008.dat [2012.07.18 23:06:02 | 000,503,306 | ---- | M] () -- C:\Windows\System32\perfh006.dat [2012.07.18 23:06:02 | 000,475,946 | ---- | M] () -- C:\Windows\System32\perfh00B.dat [2012.07.18 23:06:02 | 000,475,230 | ---- | M] () -- C:\Windows\System32\perfh001.dat [2012.07.18 23:06:02 | 000,400,092 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2012.07.18 23:06:02 | 000,389,026 | ---- | M] () -- C:\Windows\System32\perfh00D.dat [2012.07.18 23:06:02 | 000,167,508 | ---- | M] () -- C:\Windows\System32\perfc00E.dat [2012.07.18 23:06:02 | 000,153,596 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2012.07.18 23:06:02 | 000,145,578 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2012.07.18 23:06:02 | 000,145,100 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012.07.18 23:06:02 | 000,142,434 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012.07.18 23:06:02 | 000,137,214 | ---- | M] () -- C:\Windows\System32\perfc005.dat [2012.07.18 23:06:02 | 000,119,778 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2012.07.18 23:06:02 | 000,119,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.18 23:06:02 | 000,119,546 | ---- | M] () -- C:\Windows\System32\perfc012.dat [2012.07.18 23:06:02 | 000,113,376 | ---- | M] () -- C:\Windows\System32\perfc008.dat [2012.07.18 23:06:02 | 000,103,056 | ---- | M] () -- C:\Windows\System32\perfc00B.dat [2012.07.18 23:06:02 | 000,098,854 | ---- | M] () -- C:\Windows\System32\perfc006.dat [2012.07.18 23:06:02 | 000,096,926 | ---- | M] () -- C:\Windows\System32\perfc001.dat [2012.07.18 23:06:02 | 000,087,122 | ---- | M] () -- C:\Windows\System32\perfc00D.dat [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2012.08.12 08:47:06 | 000,000,000 | ---- | C] () -- C:\Users\kreien\defogger_reenable [2012.08.12 08:45:20 | 000,302,592 | ---- | C] () -- C:\Users\kreien\Desktop\pclei82e.exe [2012.08.12 08:42:32 | 000,050,477 | ---- | C] () -- C:\Users\kreien\Desktop\Defogger.exe [2012.08.11 18:24:29 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.11 17:04:39 | 3487,883,264 | -HS- | C] () -- C:\hiberfil.sys [2012.08.11 09:20:55 | 000,317,272 | ---- | C] () -- C:\Users\kreien\AppData\Local\census.cache [2012.08.11 09:20:39 | 000,201,769 | ---- | C] () -- C:\Users\kreien\AppData\Local\ars.cache [2012.08.11 08:51:17 | 
000,000,036 | ---- | C] () -- C:\Users\kreien\AppData\Local\housecall.guid.cache [2012.08.04 18:02:57 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.08.04 17:59:38 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job [2012.07.04 02:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.05.15 21:47:41 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.08.03 23:51:40 | 000,000,043 | ---- | C] () -- C:\Users\kreien\gsview32.ini [2011.01.03 02:16:00 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.12.11 02:29:26 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini [2010.05.25 00:01:21 | 000,000,680 | ---- | C] () -- C:\Users\kreien\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2010.06.20 13:25:13 | 000,000,000 | ---D | M] -- C:\Users\kreien\AppData\Roaming\DataDesign [2010.12.20 14:55:20 | 000,000,000 | ---D | M] -- C:\Users\kreien\AppData\Roaming\Enfocus Prefs Folder [2011.12.06 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\kreien\AppData\Roaming\f-secure [2010.09.26 11:50:09 | 000,000,000 | ---D | M] -- C:\Users\kreien\AppData\Roaming\IrfanView [2010.06.12 12:26:53 | 000,000,000 | ---D | M] -- C:\Users\kreien\AppData\Roaming\Leadertech [2011.07.22 08:06:59 | 000,000,000 | ---D | M] -- C:\Users\kreien\AppData\Roaming\Uniblue [2012.08.12 08:33:41 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012.08.12 08:31:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 12.08.2012 08:50:10 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\kreien\Desktop Windows 
Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 56,46% Memory free 6,70 Gb Paging File | 5,32 Gb Available in Paging File | 79,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,80 Gb Total Space | 85,71 Gb Free Space | 36,82% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 7,05 Gb Free Space | 1,51% Space Free | Partition Type: NTFS Drive G: | 254,52 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 3,73 Gb Total Space | 0,06 Gb Free Space | 1,65% Space Free | Partition Type: NTFS Computer Name: KREIEN-PC | User Name: kreien | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2302094886-2186959880-4104396609-1000] "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F6AEC4B-4E14-44C3-AB5F-C79EC775C63E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{26EC22B3-E539-49BC-B72C-C3F87AF0849B}" = rport=137 | protocol=17 | dir=out | app=system | "{30D0FEB7-6C15-47FF-881E-4B2D4F13E25E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{31D3427A-B417-4A64-AC75-78BAF17C1700}" = lport=445 | protocol=6 | dir=in | app=system | "{405DF5AB-37AF-4ED9-A1EB-11094EAB1E31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{426FD2D7-8413-4606-A21C-4DDBC0256316}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{659D202C-FAC2-455D-8463-2465811E0253}" = lport=138 | protocol=17 | dir=in | app=system | "{6BC7C3DE-F7C9-47D4-BC6E-BEA45ABE409B}" = lport=137 | protocol=17 | dir=in | app=system | "{8710B4E9-E6E2-42BA-998F-34E09EA70949}" = rport=139 | protocol=6 | dir=out | app=system | "{AE1CF6AD-FC64-4D0A-91E5-184471FA29DC}" = lport=2869 | protocol=6 | dir=in | app=system | "{BBE9D47B-65E7-4ED9-AE59-0B5BF7F08763}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | "{C02514D0-A6B8-4608-AF1E-4C432FCAC5CC}" = rport=445 | protocol=6 | dir=out | app=system | "{C1A31F96-3B67-4FC0-B5BA-58A05C0041AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{CDE7EC75-04C4-4CB4-9C92-C8D958D1C178}" = lport=rpc | protocol=6 
| dir=in | app=c:\windows\system32\vdsldr.exe | "{F66A7262-D0CE-481A-A5F5-4AD0C97B5F13}" = lport=139 | protocol=6 | dir=in | app=system | "{F9717DE5-5AF9-45E8-8366-AB733335A1A1}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03021DEA-6094-48C3-A82F-91F5ECF939AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{241B2105-6856-4D7C-8A15-1A54959ACB5F}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{2F9FE322-6FCB-4AA6-8B55-AC20C6FACF66}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{30D548DB-B4E8-4641-9CC2-70B2C3AD0DB5}" = protocol=6 | dir=in | app=c:\users\kreien_2\appdata\local\akamai\netsession_win.exe | "{3C720779-E14E-464B-8DE0-21D3C173A0DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4D7B2B74-A0D3-42D8-BE71-FFD61D7B976E}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{56EA41EB-6EBE-4E8B-8101-66EC60DB5469}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{6DDE80E6-A930-40CD-8F6C-B760D8AF327E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{84FF74D1-0B7E-4C09-8009-491E309C99ED}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{87EB2139-6CC1-4D74-8230-B3C1FC5DCDC8}" = protocol=17 | dir=in | app=c:\users\kreien_2\appdata\local\akamai\netsession_win.exe | "{8AF783F7-4D61-4931-9A8B-4762FC39B0E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A99A43E6-40C7-4348-82F7-F1732D817143}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B2E6A6FB-F902-4373-AE40-08EA1256DE32}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{BC5E0355-98BA-4289-BA92-4D4829C01C9E}" = protocol=17 | dir=in | 
app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{C6129BA9-FBF8-4405-BEC0-EF76EF7C33B6}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{DB68A2A3-D877-42CE-93B7-0098AD14FA8B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{DFCCC959-B2FB-4B1D-B749-453478F82432}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E2666E57-2943-4866-909E-DBD1DF2202EA}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{FC3B123A-D229-45F9-97D5-766C988B5BC8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{054C5EBD-1803-9B06-A201-63A1A8A5C365}" = CCC Help Danish "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098F8AD3-DAC4-4B37-B9F8-4F9E92B41BE7}" = Adobe Setup "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0FB8CBBF-CFBA-B7C5-6433-4F5132783C31}" = CCC Help Portuguese "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{143412FA-840C-6158-599F-2B32D0861F80}" = Catalyst Control Center Graphics Previews Common "{16FED766-CFB4-87B1-9591-4A394E4AE673}" = ccc-utility "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20EA5B84-7055-65D9-7378-59750A15C6B5}" = CCC Help Russian "{21F3F7EC-CD32-D678-63AD-305F556D7BC9}" = Application Profiles "{21F68B2E-8A13-4EFE-A7B7-79F6F97A439D}" = ubCoreFlat 5.21 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2680C5AE-EDC8-7A73-3D41-FCE9A2F22390}" = CCC Help German "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32E879B3-F89C-5385-78C8-4DE7730C5FA0}" = AMD VISION Engine Control Center "{33D64034-5BC0-FF4F-6176-62ED61555CA8}" = CCC Help Thai "{33E0033D-A617-DA5B-2EAD-CE59947C7365}" = HydraVision "{3406AF2D-25A4-F348-76C1-F2164AF6131F}" = AMD Fuel "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CFAAB58-35C8-84C9-1391-8D4373714AFE}" = CCC Help Spanish "{42362C04-7187-4BB9-9B92-04216157E0EF}" = Adobe CMM "{453FDDF1-BA65-8D13-2E6F-1740190BB5C4}" = CCC Help Greek "{4728A95D-FD9B-CEE9-9609-BB01B5F82A0B}" = CCC Help Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AFC194C-FEAD-B844-92C2-D0273872ECCF}" = CCC Help Dutch "{5308F6BF-4660-926A-B611-0CBB32F44DD0}" = CCC Help Swedish "{56E56B8C-6B2E-F4FD-2C82-BDC128BDC894}" = AMD Catalyst Install Manager "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer "{6774184C-2DB4-4B88-BDBE-4A8535F1693D}" = MacDrive 8 "{69425AB7-75BF-25FC-EB4F-D2EAE9D82AA5}" = CCC Help Hungarian "{6B00CD97-EADD-3AFC-A844-89EB4DA73461}" = Catalyst Control Center InstallProxy "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053
"{79839E2D-82B1-6DF1-97A6-6737E4404407}" = CCC Help Japanese
"{7C2D9B2C-D78C-EC0A-2337-612FD4799750}" = CCC Help Czech
"{7D9C2CBE-5941-0250-2922-804D0A506ED0}" = CCC Help Polish
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9057D097-0563-6FFB-CDC6-DB2B2C5D1014}" = CCC Help Italian
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC83F04-9C3F-429B-92DE-1252235765E4}" = DDBAC
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA387C7F-7413-9C5A-DB71-70E406A8A92E}" = CCC Help French
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B00F5097-1F34-D3EA-4FB9-8DD2FAFF66F4}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42129AB-E528-9CB4-7C8B-3BFE648F5CD8}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1A27149-1897-8509-CBFC-2C96866C8AD6}" = CCC Help Korean
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1" = ISO to USB
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE54DD68-6E24-9B72-467A-DFEE00E6E9A8}" = CCC Help Chinese Traditional
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E9FDD18A-206A-9A43-AAE3-AB72EFFCD333}" = CCC Help Chinese Standard
"{ED524538-828E-1AD8-D0E1-E2E72C926EE0}" = CCC Help English
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore 5.52
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FCFE800F-8F42-1AC9-895C-10389CB90D86}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b7572144686c889e4039b734b60fbbd" = Adobe CMM
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chipcard master_is1" = Chipcard master 6.73
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GPL Ghostscript 9.02" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"InstallShield_{21F68B2E-8A13-4EFE-A7B7-79F6F97A439D}" = ubCoreFlat 5.21
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore 5.52
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MosChip Technology" = MosChip Multi-IO Controller
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Online Foto Print System (utech)" = Online Foto Print System ( Online Foto Print System (Foto-Utech) )
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VMware_Workstation" = VMware Workstation
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.08.2012 09:16:32 | Computer Name = kreien-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 374 Anfangszeit: 01cd77bfb7c09427 Zeitpunkt der Beendigung: 24

Error - 11.08.2012 09:20:16 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 09:30:22 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 10:27:35 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 10:51:22 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 10:59:25 | Computer Name = kreien-PC | Source = EventSystem | ID = 4609
Description =

Error - 11.08.2012 11:00:04 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 11:05:12 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 12:33:49 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.08.2012 02:33:52 | Computer Name = kreien-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 03.07.2010 07:23:15 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.08.2010 11:45:39 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 22857 seconds with 960 seconds of active time. This session ended with a crash.

Error - 01.06.2011 09:50:00 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 02.06.2011 04:19:06 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 02.06.2011 06:00:33 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 02.06.2011 08:03:13 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.06.2011 17:19:11 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1471 seconds with 0 seconds of active time. This session ended with a crash.

Error - 04.08.2012 01:39:59 | Computer Name = kreien-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11.08.2012 12:33:49 | Computer Name = kreien-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.08.2012 12:33:49 | Computer Name = kreien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11.08.2012 12:33:58 | Computer Name = kreien-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.08.2012 12:39:48 | Computer Name = kreien-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11.08.2012 12:47:45 | Computer Name = kreien-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 12.08.2012 02:33:03 | Computer Name = kreien-PC | Source = nmserial | ID = 393234
Description =

Error - 12.08.2012 02:33:52 | Computer Name = kreien-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.08.2012 02:33:52 | Computer Name = kreien-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12.08.2012 02:34:19 | Computer Name = kreien-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.08.2012 02:46:30 | Computer Name = kreien-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-13 12:51:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000067 ST325031 rev.CC37
Running: pclei82e.exe; Driver: C:\Users\kreien\AppData\Local\Temp\ugliipob.sys

---- System - GMER 1.0.15 ----

SSDT 8DE5A43E ZwCreateSection
SSDT 8DE5A448 ZwRequestWaitReplyPort
SSDT 8DE5A443 ZwSetContextThread
SSDT 8DE5A44D ZwSetSecurityObject
SSDT 8DE5A452 ZwSystemDebugControl
SSDT 8DE5A3DF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 828C08D8 4 Bytes [3E, A4, E5, 8D] {MOVS BYTE DS:[EDI]; IN EAX, 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 539 828C0BFC 4 Bytes [48, A4, E5, 8D] {DEC EAX; MOVSB ; IN EAX, 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 56D 828C0C30 4 Bytes [43, A4, E5, 8D] {INC EBX; MOVSB ; IN EAX, 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 5D1 828C0C94 4 Bytes [4D, A4, E5, 8D] {DEC EBP; MOVSB ; IN EAX, 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 619 828C0CDC 4 Bytes [52, A4, E5, 8D] {PUSH EDX; MOVSB ; IN EAX, 0x8d}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93C08000, 0x2BFBF0, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
Device MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ubohci \Device\C1394 UB1394.SYS (ubCore® 1394 Class Driver (x86 XP/2003/Vista Rel)/Unibrain S.A.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Best regards,
Michael
14.08.2012, 06:31 | #2
/// Helper Team | Problem with LAN connections - virus problem or not? Hello and welcome!
Before we begin working together, [please read in full]: Quote:
Quote:
For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click (right mouse button) the selected application and choose "Run as administrator"! 1. Quote:
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {001192E5-0691-4293-96B9-4014A786E411}
IE - HKCU\..\SearchScopes\{001192E5-0691-4293-96B9-4014A786E411}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.12 08:06:58 | 000,000,049 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{894a0713-6786-11df-89c5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{894a0713-6786-11df-89c5-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Launcher.exe -- [2011.02.21 15:31:04 | 010,056,560 | R--- | M] (EIZO NANAO CORPORATION)
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Quote:
2. Download Malwarebytes Anti-Malware → from here
3. To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:
4. Another scan with OTL:
5. Download HijackThis from here -> No open windows while HijackThis is running!! -> Start HijackThis -> click "Do a system scan and save a logfile" (wait briefly) -> "select" the resulting logfile -> "copy" -> "paste" it here in your thread (right mouse button) ► Vista and Win7 - right-click HijackThis -> choose "Run as administrator"... Quote:
Only report back in the meantime if there are problems! ** If possible, do not go on the internet, no online banking, file sharing, chat programs etc. Regards, kira