
Log Analysis and Evaluation: Trojan.0Access / Trojan.Sirefef / TR/Crypt.XPACK.Gen

Windows 7

16.09.2012, 07:50   #1
bismosa
 
Trojan.0Access / Trojan.Sirefef / TR/Crypt.XPACK.Gen

Hello!

Yesterday, while surfing the Internet, I suddenly got an admin (UAC) prompt from cmd.exe. At the same time, Antivir (free) reported the trojan TR/Crypt.XPACK.Gen.
Further admin prompts came from Adobe. I declined all of them. It only stopped after I ended a process (unfortunately I did not note the name, something like A... followed by a random number) with the Task Manager.
Antivir immediately started a scan and gave this message:
Code:
The file 'C:\$Recycle.Bin\S-1-5-21-120065402-3469818826-2513661517-1001\$6fff002266dd706dd0472f89929f9759\n'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '551886c3.qua'.
         
I then ran a Quick Scan with Malwarebytes and had all findings removed.

After that I ran a full scan with Malwarebytes. I aborted it yesterday evening because I noticed that my Antivir had been active the whole time. I took no further action there, but restarted the scan (and then had all findings removed).

Then I ran the scan with OTL as described in the instructions. Unfortunately GMER crashes (even after a restart). (See screenshot in the ZIP.)
Code:
OTL logfile created on: 16.09.2012 07:50:44 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 66,52% Memory free
6,99 Gb Paging File | 5,71 Gb Available in Paging File | 81,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 359,99 Gb Total Space | 81,78 Gb Free Space | 22,72% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,51 Gb Free Space | 35,12% Space Free | Partition Type: NTFS
Drive Z: | 122,76 Mb Total Space | 121,46 Mb Free Space | 98,95% Space Free | Partition Type: FAT
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 07:46:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.15 09:22:27 | 000,368,640 | ---- | M] (MXI Security) -- C:\Users\***\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe
PRC - [2012.09.03 21:05:50 | 001,193,176 | ---- | M] () -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 20:38:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 09:56:06 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.06.09 06:06:58 | 001,855,080 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.12 09:01:00 | 000,201,216 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBU.EXE
PRC - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.03 21:05:50 | 001,193,176 | ---- | M] () -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.04.27 19:09:24 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 07:40:13 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.07.23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.12 19:43:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.09 06:48:28 | 000,089,192 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2012.06.09 02:37:04 | 000,433,816 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012.06.09 02:36:36 | 000,354,456 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.06.03 16:25:57 | 003,491,792 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.27 22:23:54 | 005,924,008 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.04.27 22:23:04 | 000,821,552 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.04.17 19:20:54 | 002,326,288 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.04.17 19:20:36 | 000,498,960 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.04.17 19:20:32 | 000,107,792 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.03.28 05:03:50 | 003,293,184 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [Disabled | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Workgroup PDM\Vault\pdmwService.exe -- (PDMWorks Workgroup Server)
SRV - [2012.03.08 12:19:40 | 000,104,208 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.03.01 11:35:18 | 000,509,448 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.10.20 17:10:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.11 21:01:27 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011.08.29 23:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.06.21 18:45:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2012.07.23 16:18:34 | 000,064,664 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012.07.19 23:21:19 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012.06.09 02:37:14 | 000,055,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012.06.09 02:36:16 | 000,025,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012.06.09 02:35:30 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012.06.08 23:52:20 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012.06.08 23:52:20 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012.06.03 16:25:58 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.06.03 16:25:50 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012.06.03 16:25:48 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.06.03 16:25:39 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012.06.03 16:25:37 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67)
DRV - [2012.06.03 16:25:35 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.06.03 16:25:33 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.01 10:55:22 | 000,141,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2012.03.01 10:55:22 | 000,141,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2011.11.16 19:18:08 | 000,144,896 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\Windows\System32\drivers\uigxrdr.SYS -- (uigxrdr)
DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.08.29 23:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.07.05 20:42:00 | 000,334,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2011.03.30 13:05:54 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011.03.07 20:38:21 | 000,060,544 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011.03.07 20:38:21 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010.11.20 14:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.07 04:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.02.15 19:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.02.15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.10.10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.03.05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2005.03.30 12:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2001.08.09 11:39:46 | 000,025,569 | ---- | M] (Belkin Components) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\F5U103UD.SYS -- (F5U103UD)
DRV - [2001.08.09 11:39:46 | 000,016,528 | ---- | M] (Belkin Components) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\F5U103BD.SYS -- (F5U103BD)
DRV - [2000.06.29 18:24:14 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DLPORTIO.SYS -- (DLPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 64 C0 5A E4 E7 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {64A06B48-89FD-4E8C-943A-840FFA28A5BA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{64A06B48-89FD-4E8C-943A-840FFA28A5BA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "file:///c:/tor.pac"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9001
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 07:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 20:45:30 | 000,000,000 | ---D | M]
 
[2011.09.13 08:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.05 15:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions
[2011.01.06 20:25:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.03 10:19:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.01 14:12:04 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.05.14 21:16:02 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\fb_add_on@avm.de
[2011.01.06 20:25:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\firefox@tvunetworks.com
[2011.08.30 20:05:57 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\LogMeInClient@logmein.com
[2011.01.06 20:25:27 | 000,000,000 | ---D | M] (Vodafone DRM Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\vodafone_drm_plugin@vodafone.com
[2012.09.01 14:12:07 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\w60uhokx.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.05 15:06:24 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\w60uhokx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.01.21 09:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.08 07:40:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.06 18:50:26 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.18 08:59:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 07:40:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 08:59:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.17 15:33:38 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.18 08:59:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 08:59:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 08:59:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [\\hxxp://192.168.178.25:631\Epson_Stylus_Office_BX620FWD] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON BX620FWD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\***\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [syshost32] C:\Users\***\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe (MXI Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DEFBE5-D94D-4CB4-85A8-DA76DBF7E87A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DEFBE5-D94D-4CB4-85A8-DA76DBF7E87A}: NameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85b807a4-d2b1-11e1-bb55-002269bfdbfa}\Shell - "" = AutoRun
O33 - MountPoints2\{85b807a4-d2b1-11e1-bb55-002269bfdbfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b5695cd5-a480-11e0-afaf-e0f57537b277}\Shell - "" = AutoRun
O33 - MountPoints2\{b5695cd5-a480-11e0-afaf-e0f57537b277}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b5695ce0-a480-11e0-afaf-e0f57537b277}\Shell - "" = AutoRun
O33 - MountPoints2\{b5695ce0-a480-11e0-afaf-e0f57537b277}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff519d9d-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519d9d-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519da4-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519da4-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519dbf-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519dbf-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519df1-d4d5-11e0-ae04-002269bfdbfa}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519df1-d4d5-11e0-ae04-002269bfdbfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.16 07:46:24 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.15 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\virAkt
[2012.09.15 09:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}
[2012.09.14 16:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.14 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.14 16:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.14 16:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.14 16:19:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.05 20:36:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FRITZ!
[2012.09.05 20:36:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FRITZ!
[2012.09.05 20:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
[2012.09.05 20:35:43 | 000,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll
[2012.09.05 20:35:43 | 000,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll
[2012.09.05 20:35:43 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll
[2012.09.05 20:35:43 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll
[2012.09.05 20:35:42 | 000,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzPort.dll
[2012.09.05 20:35:42 | 000,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzColorPort.dll
[2012.09.05 20:35:42 | 000,042,288 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\Fridru32.dll
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ISDNWatch
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!
[2012.09.05 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2012.09.03 21:05:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Spotify
[2012.09.03 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spotify
[2012.08.17 13:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 07:54:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 07:49:17 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\bzi7mtxm.exe
[2012.09.16 07:46:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.16 07:43:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.16 07:35:49 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 07:35:49 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 07:34:28 | 000,727,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 07:34:28 | 000,150,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 07:34:27 | 000,774,328 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.16 07:34:27 | 000,178,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.16 07:33:16 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.16 07:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 07:27:32 | 2817,048,576 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 13:52:10 | 000,331,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.15 10:13:02 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 16:27:12 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 20:35:57 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk
[2012.09.03 21:05:50 | 000,001,811 | ---- | M] () -- C:\Users\***\Desktop\Spotify.lnk
[2012.08.19 08:33:26 | 523,621,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.17 13:52:22 | 000,048,332 | ---- | M] () -- C:\Users\***\Desktop\In meiner Macht (M s T ) (Inhaltsangabe).pdf
[2012.08.17 13:50:21 | 001,664,981 | ---- | M] () -- C:\Users\***\Desktop\In meiner Macht (M s T ).pdf
[2012.08.17 13:41:45 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.17 13:41:32 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
 
========== Files Created - No Company Name ==========
 
[2012.09.16 07:49:13 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\bzi7mtxm.exe
[2012.09.15 10:13:02 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 20:35:57 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk
[2012.09.03 21:05:50 | 000,001,811 | ---- | C] () -- C:\Users\***\Desktop\Spotify.lnk
[2012.09.03 21:05:50 | 000,001,797 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.08.17 13:52:22 | 000,048,332 | ---- | C] () -- C:\Users\***\Desktop\In meiner Macht (M s T ) (Inhaltsangabe).pdf
[2012.08.17 13:50:21 | 001,664,981 | ---- | C] () -- C:\Users\***\Desktop\In meiner Macht (M s T ).pdf
[2012.08.17 13:41:45 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.17 13:41:32 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.28 14:25:53 | 000,144,902 | ---- | C] () -- C:\Users\***\final_bstSnapshot_51112.jpg
[2012.07.13 14:47:32 | 000,028,903 | ---- | C] () -- C:\Users\***\AppData\Local\Temp20.html
[2012.07.13 14:47:14 | 000,001,858 | ---- | C] () -- C:\Users\***\AppData\Local\Temp1.html
[2012.05.15 21:30:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.15 21:30:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.04.04 18:27:37 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptable.xml
[2012.03.07 22:27:53 | 000,000,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\myAVR_ProgTool.cfg
[2012.03.07 22:09:12 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\DLPORTIO.SYS
[2012.03.05 21:46:20 | 000,001,778 | ---- | C] () -- C:\Users\***\gdbtk.ini
[2012.03.03 09:30:20 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.31 19:35:41 | 000,000,001 | ---- | C] () -- C:\Users\***\AppData\Local\llftool.4.25.agreement
[2011.11.07 23:36:16 | 109,744,128 | ---- | C] () -- C:\Users\***\AppData\Roaming\Streets2.db
[2011.10.16 14:05:08 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.10.08 17:35:41 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.09.27 13:55:05 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.09.27 13:55:05 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.09.27 13:54:48 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.08.17 18:27:50 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.03 12:29:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.07 22:27:46 | 000,000,022 | ---- | C] () -- C:\Users\***\PDM Tool.hhp
[2011.04.15 16:16:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.04.15 16:16:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.03.14 22:18:15 | 000,218,062 | ---- | C] () -- C:\Users\***\AppData\Local\debuggee.mdmp
[2011.01.14 16:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.01.11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011.01.08 14:53:55 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011.01.08 11:08:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.07 15:35:38 | 000,007,630 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.07 09:24:02 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
 
========== LOP Check ==========
 
[2012.06.03 16:25:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\60638F71-5E88-4767-8B1E-A02E0753EE95
[2012.06.03 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\6ED8FC49-0C8F-41D9-90C3-DCB0E68B49F2
[2012.06.03 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2011.12.21 18:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ActiveState
[2011.04.18 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\anpo.republika.pl
[2011.12.04 10:05:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVM
[2012.03.03 09:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2011.11.16 21:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft
[2012.07.18 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.05.22 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2012.02.21 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.03.03 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.03.03 10:19:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.20 08:13:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2011.01.21 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings
[2012.03.20 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.01.09 09:25:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2012.03.04 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Exdez
[2011.04.18 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.09.05 20:36:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2012.09.05 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.04.18 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2012.05.01 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.10.20 21:39:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.05.08 21:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS
[2012.03.09 15:31:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hykaf
[2011.05.22 09:01:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IcoFX
[2012.05.20 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.05.20 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.12.21 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LuaEdit
[2012.03.05 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MCS Electronics
[2011.04.30 09:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator
[2012.01.24 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.09.10 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2012.03.19 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.07.04 18:20:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w
[2012.05.15 21:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RipIt4Me
[2011.04.15 16:16:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.09.16 07:33:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2011.08.03 22:37:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SqueezePlay
[2012.01.21 12:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2012.07.30 21:45:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.01.06 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TMP
[2011.04.30 13:57:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinCachebox
[2012.07.29 07:50:55 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.25 21:23:07 | 001,044,480 | ---- | C] ()(C:\Users\***\Desktop\??.max) -- C:\Users\***\Desktop\瑶琴.max
[2006.05.24 10:30:22 | 001,044,480 | ---- | M] ()(C:\Users\***\Desktop\??.max) -- C:\Users\***\Desktop\瑶琴.max
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F64C164

< End of report >
         
I have also just received a message from Windows (Defender):
Trojan:Win32/Necurs.gen!A is active. I had Defender clean the system (quarantine).

In the attached zip I have the logs from:
- Antivir (I simply copied out all the events)
- OTL
- Screenshot of GMER
- Malwarebytes

Can the system still be saved with reasonable effort? Or is it better to format everything right away?

Many thanks!
Regards,
Bismosa

Alt 17.09.2012, 13:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please post everything here in CODE tags if at all possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

Alt 17.09.2012, 13:51   #3
bismosa
 
Hello!

Sorry, here are the individual logs:
Antivir:
Code:
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\$Recycle.Bin\S-1-5-21-120065402-3469818826-2513661517-1001\$6fff002266dd706dd0472f89929f9759\n.
Action performed: Deny access

The file 'C:\$Recycle.Bin\S-1-5-21-120065402-3469818826-2513661517-1001\$6fff002266dd706dd0472f89929f9759\n'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '551886c3.qua'.

In accordance with security guidelines, the Administrator has blocked access to the registry.

Virus or unwanted program 'ADWARE/Adware.Gen [adware]'
detected in file 'C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08UWVR46\Testbundle23w_1254[1].exe.
Action performed: Deny access

Virus or unwanted program 'ADWARE/Adware.Gen [adware]'
detected in file 'C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08UWVR46\Testbundle23w_1254[1].exe.
Action performed: Deny access

Virus or unwanted program 'EXP/2012-0507.D.2 [exploit]'
detected in file 'C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\52fae3d1-44b9d1cd.
Action performed: Deny access

Virus or unwanted program 'PHP/Agent.BV.6 [virus]'
detected in file 'C:\Users\xxx\Documents\Gemeinde\Homepage Syke Joomla\Hilfsprogramme\index.php.
Action performed: Deny access
         
mbam Quick-Scan:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.15.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [Administrator]

15.09.2012 10:33:09
mbam-log-2012-09-15 (10-33-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250410
Laufzeit: 45 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-120065402-3469818826-2513661517-1001\$6fff002266dd706dd0472f89929f9759\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\xxx\AppData\Local\Temp\-1959127479.exe (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\AppData\Local\Temp\msimg32.dll (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The aborted scan with mbam:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.15.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [Administrator]

15.09.2012 14:08:27
mbam-log-2012-09-15 (14-08-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 685083
Laufzeit: 9 Stunde(n), 6 Minute(n), 46 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08UWVR46\Testbundle23w_1254[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\Beispiel Warteschleife Backgroundworker\Beispiel Warteschleife Backgroundworker\bin\Debug\WindowsApplication2.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\Beispiel Warteschleife Backgroundworker\Beispiel Warteschleife Backgroundworker\obj\x86\Debug\WindowsApplication2.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\WindowsApplication2\WindowsApplication2\bin\Debug\WindowsApplication2.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\WindowsApplication2\WindowsApplication2\obj\x86\Debug\WindowsApplication2.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
The full scan with mbam, with removal:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.15.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [Administrator]

15.09.2012 23:28:29
mbam-log-2012-09-15 (23-28-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 894879
Laufzeit: 6 Stunde(n), 50 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08UWVR46\Testbundle23w_1254[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\Beispiel Warteschleife Backgroundworker\Beispiel Warteschleife Backgroundworker\bin\Debug\WindowsApplication2.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\Beispiel Warteschleife Backgroundworker\Beispiel Warteschleife Backgroundworker\obj\x86\Debug\WindowsApplication2.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\WindowsApplication2\WindowsApplication2\bin\Debug\WindowsApplication2.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\Documents\Visual Studio 2010\Projects\WindowsApplication2\WindowsApplication2\obj\x86\Debug\WindowsApplication2.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL
OTL Logfile:
Code:
OTL logfile created on: 16.09.2012 07:50:44 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\xxx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 66,52% Memory free
6,99 Gb Paging File | 5,71 Gb Available in Paging File | 81,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 359,99 Gb Total Space | 81,78 Gb Free Space | 22,72% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,51 Gb Free Space | 35,12% Space Free | Partition Type: NTFS
Drive Z: | 122,76 Mb Total Space | 121,46 Mb Free Space | 98,95% Space Free | Partition Type: FAT
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 07:46:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2012.09.15 09:22:27 | 000,368,640 | ---- | M] (MXI Security) -- C:\Users\xxx\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe
PRC - [2012.09.03 21:05:50 | 001,193,176 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 20:38:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 09:56:06 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.06.09 06:06:58 | 001,855,080 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.12 09:01:00 | 000,201,216 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBU.EXE
PRC - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.03 21:05:50 | 001,193,176 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.04.27 19:09:24 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 07:40:13 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.07.23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.12 19:43:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.09 06:48:28 | 000,089,192 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2012.06.09 02:37:04 | 000,433,816 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012.06.09 02:36:36 | 000,354,456 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.06.03 16:25:57 | 003,491,792 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.27 22:23:54 | 005,924,008 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.04.27 22:23:04 | 000,821,552 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.04.17 19:20:54 | 002,326,288 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.04.17 19:20:36 | 000,498,960 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.04.17 19:20:32 | 000,107,792 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.03.28 05:03:50 | 003,293,184 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [Disabled | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Workgroup PDM\Vault\pdmwService.exe -- (PDMWorks Workgroup Server)
SRV - [2012.03.08 12:19:40 | 000,104,208 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.03.01 11:35:18 | 000,509,448 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.10.20 17:10:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.11 21:01:27 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011.08.29 23:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.06.21 18:45:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2012.07.23 16:18:34 | 000,064,664 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012.07.19 23:21:19 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012.06.09 02:37:14 | 000,055,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012.06.09 02:36:16 | 000,025,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012.06.09 02:35:30 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012.06.08 23:52:20 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012.06.08 23:52:20 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012.06.03 16:25:58 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.06.03 16:25:50 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012.06.03 16:25:48 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.06.03 16:25:39 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012.06.03 16:25:37 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67)
DRV - [2012.06.03 16:25:35 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.06.03 16:25:33 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.01 10:55:22 | 000,141,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2012.03.01 10:55:22 | 000,141,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2011.11.16 19:18:08 | 000,144,896 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\Windows\System32\drivers\uigxrdr.SYS -- (uigxrdr)
DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.08.29 23:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.07.05 20:42:00 | 000,334,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2011.03.30 13:05:54 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011.03.07 20:38:21 | 000,060,544 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011.03.07 20:38:21 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010.11.20 14:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.07 04:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.02.15 19:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.02.15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.10.10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.03.05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2005.03.30 12:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2001.08.09 11:39:46 | 000,025,569 | ---- | M] (Belkin Components) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\F5U103UD.SYS -- (F5U103UD)
DRV - [2001.08.09 11:39:46 | 000,016,528 | ---- | M] (Belkin Components) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\F5U103BD.SYS -- (F5U103BD)
DRV - [2000.06.29 18:24:14 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DLPORTIO.SYS -- (DLPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 64 C0 5A E4 E7 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {64A06B48-89FD-4E8C-943A-840FFA28A5BA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{64A06B48-89FD-4E8C-943A-840FFA28A5BA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "file:///c:/tor.pac"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9001
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 07:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 20:45:30 | 000,000,000 | ---D | M]
 
[2011.09.13 08:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.09.05 15:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions
[2011.01.06 20:25:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.03 10:19:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.01 14:12:04 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.05.14 21:16:02 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\fb_add_on@avm.de
[2011.01.06 20:25:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\firefox@tvunetworks.com
[2011.08.30 20:05:57 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\LogMeInClient@logmein.com
[2011.01.06 20:25:27 | 000,000,000 | ---D | M] (Vodafone DRM Plugin for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\vodafone_drm_plugin@vodafone.com
[2012.09.01 14:12:07 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\w60uhokx.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.05 15:06:24 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\w60uhokx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.01.21 09:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.08 07:40:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.06 18:50:26 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.18 08:59:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 07:40:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 08:59:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.17 15:33:38 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.18 08:59:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 08:59:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 08:59:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [\\hxxp://192.168.178.25:631\Epson_Stylus_Office_BX620FWD] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON BX620FWD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\xxx\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [syshost32] C:\Users\xxx\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe (MXI Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DEFBE5-D94D-4CB4-85A8-DA76DBF7E87A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DEFBE5-D94D-4CB4-85A8-DA76DBF7E87A}: NameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85b807a4-d2b1-11e1-bb55-002269bfdbfa}\Shell - "" = AutoRun
O33 - MountPoints2\{85b807a4-d2b1-11e1-bb55-002269bfdbfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b5695cd5-a480-11e0-afaf-e0f57537b277}\Shell - "" = AutoRun
O33 - MountPoints2\{b5695cd5-a480-11e0-afaf-e0f57537b277}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b5695ce0-a480-11e0-afaf-e0f57537b277}\Shell - "" = AutoRun
O33 - MountPoints2\{b5695ce0-a480-11e0-afaf-e0f57537b277}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff519d9d-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519d9d-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519da4-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519da4-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519dbf-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519dbf-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519df1-d4d5-11e0-ae04-002269bfdbfa}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519df1-d4d5-11e0-ae04-002269bfdbfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.16 07:46:24 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.09.15 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\virAkt
[2012.09.15 09:22:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}
[2012.09.14 16:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.14 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.14 16:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.14 16:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.14 16:19:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.05 20:36:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\FRITZ!
[2012.09.05 20:36:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\FRITZ!
[2012.09.05 20:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
[2012.09.05 20:35:43 | 000,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll
[2012.09.05 20:35:43 | 000,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll
[2012.09.05 20:35:43 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll
[2012.09.05 20:35:43 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll
[2012.09.05 20:35:42 | 000,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzPort.dll
[2012.09.05 20:35:42 | 000,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzColorPort.dll
[2012.09.05 20:35:42 | 000,042,288 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\Fridru32.dll
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ISDNWatch
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!
[2012.09.05 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Fax
[2012.09.03 21:05:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Spotify
[2012.09.03 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Spotify
[2012.08.17 13:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 07:54:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 07:49:17 | 000,302,592 | ---- | M] () -- C:\Users\xxx\Desktop\bzi7mtxm.exe
[2012.09.16 07:46:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.09.16 07:43:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.16 07:35:49 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 07:35:49 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 07:34:28 | 000,727,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 07:34:28 | 000,150,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 07:34:27 | 000,774,328 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.16 07:34:27 | 000,178,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.16 07:33:16 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.16 07:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 07:27:32 | 2817,048,576 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 13:52:10 | 000,331,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.15 10:13:02 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 16:27:12 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 20:35:57 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk
[2012.09.03 21:05:50 | 000,001,811 | ---- | M] () -- C:\Users\xxx\Desktop\Spotify.lnk
[2012.08.19 08:33:26 | 523,621,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.17 13:52:22 | 000,048,332 | ---- | M] () -- C:\Users\xxx\Desktop\In meiner Macht (M s T ) (Inhaltsangabe).pdf
[2012.08.17 13:50:21 | 001,664,981 | ---- | M] () -- C:\Users\xxx\Desktop\In meiner Macht (M s T ).pdf
[2012.08.17 13:41:45 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.17 13:41:32 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
 
========== Files Created - No Company Name ==========
 
[2012.09.16 07:49:13 | 000,302,592 | ---- | C] () -- C:\Users\xxx\Desktop\bzi7mtxm.exe
[2012.09.15 10:13:02 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 20:35:57 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk
[2012.09.03 21:05:50 | 000,001,811 | ---- | C] () -- C:\Users\xxx\Desktop\Spotify.lnk
[2012.09.03 21:05:50 | 000,001,797 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.08.17 13:52:22 | 000,048,332 | ---- | C] () -- C:\Users\xxx\Desktop\In meiner Macht (M s T ) (Inhaltsangabe).pdf
[2012.08.17 13:50:21 | 001,664,981 | ---- | C] () -- C:\Users\xxx\Desktop\In meiner Macht (M s T ).pdf
[2012.08.17 13:41:45 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.17 13:41:32 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.28 14:25:53 | 000,144,902 | ---- | C] () -- C:\Users\xxx\final_bstSnapshot_51112.jpg
[2012.07.13 14:47:32 | 000,028,903 | ---- | C] () -- C:\Users\xxx\AppData\Local\Temp20.html
[2012.07.13 14:47:14 | 000,001,858 | ---- | C] () -- C:\Users\xxx\AppData\Local\Temp1.html
[2012.05.15 21:30:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.15 21:30:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.04.04 18:27:37 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Local\Temptable.xml
[2012.03.07 22:27:53 | 000,000,430 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\myAVR_ProgTool.cfg
[2012.03.07 22:09:12 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\DLPORTIO.SYS
[2012.03.05 21:46:20 | 000,001,778 | ---- | C] () -- C:\Users\xxx\gdbtk.ini
[2012.03.03 09:30:20 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.31 19:35:41 | 000,000,001 | ---- | C] () -- C:\Users\xxx\AppData\Local\llftool.4.25.agreement
[2011.11.07 23:36:16 | 109,744,128 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Streets2.db
[2011.10.16 14:05:08 | 000,000,218 | ---- | C] () -- C:\Users\xxx\.recently-used.xbel
[2011.10.08 17:35:41 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\PUTTY.RND
[2011.09.27 13:55:05 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.09.27 13:55:05 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.09.27 13:54:48 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.08.17 18:27:50 | 000,005,120 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.03 12:29:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.07 22:27:46 | 000,000,022 | ---- | C] () -- C:\Users\xxx\PDM Tool.hhp
[2011.04.15 16:16:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.04.15 16:16:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.03.14 22:18:15 | 000,218,062 | ---- | C] () -- C:\Users\xxx\AppData\Local\debuggee.mdmp
[2011.01.14 16:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.01.11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011.01.08 14:53:55 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011.01.08 11:08:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.07 15:35:38 | 000,007,630 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011.01.07 09:24:02 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
 
========== LOP Check ==========
 
[2012.06.03 16:25:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\60638F71-5E88-4767-8B1E-A02E0753EE95
[2012.06.03 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\6ED8FC49-0C8F-41D9-90C3-DCB0E68B49F2
[2012.06.03 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Acronis
[2011.12.21 18:31:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ActiveState
[2011.04.18 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\anpo.republika.pl
[2011.12.04 10:05:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AVM
[2012.03.03 09:30:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2011.11.16 21:03:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CadSoft
[2012.07.18 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited
[2011.05.22 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DassaultSystemes
[2012.02.21 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DesktopIconForAmazon
[2012.03.03 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.03.03 10:19:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.20 08:13:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EAC
[2011.01.21 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EDrawings
[2012.03.20 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2011.01.09 09:25:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Epson
[2012.03.04 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Exdez
[2011.04.18 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\fltk.org
[2012.09.05 20:36:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FRITZ!
[2012.09.05 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.04.18 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GARMIN
[2012.05.01 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GMX
[2011.10.20 21:39:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2011.05.08 21:18:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\hdbADS
[2012.03.09 15:31:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Hykaf
[2011.05.22 09:01:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IcoFX
[2012.05.20 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ImgBurn
[2011.05.20 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IrfanView
[2011.12.21 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\LuaEdit
[2012.03.05 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MCS Electronics
[2011.04.30 09:34:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mobile Atlas Creator
[2012.01.24 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mp3DirectCut
[2012.09.10 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag
[2012.03.19 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2012.07.04 18:20:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\redsn0w
[2012.05.15 21:59:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\RipIt4Me
[2011.04.15 16:16:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2012.09.16 07:33:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spotify
[2011.08.03 22:37:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SqueezePlay
[2012.01.21 12:17:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Subversion
[2012.07.30 21:45:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2011.01.06 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TMP
[2011.04.30 13:57:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinCachebox
[2012.07.29 07:50:55 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.25 21:23:07 | 001,044,480 | ---- | C] ()(C:\Users\xxx\Desktop\??.max) -- C:\Users\xxx\Desktop\瑶琴.max
[2006.05.24 10:30:22 | 001,044,480 | ---- | M] ()(C:\Users\xxx\Desktop\??.max) -- C:\Users\xxx\Desktop\瑶琴.max
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F64C164

< End of report >
         
--- --- ---


Extras will follow shortly in the next post...

Regards
Bismosa

17.09.2012, 13:53   #4
bismosa

Trojan.0Access / Trojan.Sirefef / TR/Crypt.XPACK.Gen



Hello,

Here is the Extras.txt as well:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 16.09.2012 07:50:44 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\xxx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 66,52% Memory free
6,99 Gb Paging File | 5,71 Gb Available in Paging File | 81,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 359,99 Gb Total Space | 81,78 Gb Free Space | 22,72% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,51 Gb Free Space | 35,12% Space Free | Partition Type: NTFS
Drive Z: | 122,76 Mb Total Space | 121,46 Mb Free Space | 98,95% Space Free | Partition Type: FAT
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0835D5DA-5A5A-4D27-9F16-47CD61FD7EDA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{12C81657-80F3-4FEB-A82D-9AA82F175FC4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2291CD90-1156-4217-8095-A4E41678FE5B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E992ABA-78BF-499A-9D91-F8FC8596F559}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3176156C-A111-4F36-8509-74F02BEB8332}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5C151F53-6614-4BD8-8198-C5E5E563F053}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76C0CC93-24D0-46EA-8899-A0D534CC97D2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{809DB935-184A-4998-BA00-F2477182E502}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{81872E41-A375-459D-AFF9-C5AB639842D8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{84A2E333-8CAF-43E7-9F6B-1E2DCA4B23D0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8DD5D698-D159-4F7B-AFF4-346E971406E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F4FD098-4C41-48FE-9B87-F216DFEF8925}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99452FB5-E31A-45E8-A934-8D1BF3971408}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A8558A05-43DE-4293-8C06-A065FF6D809C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BA421731-C2F0-42C4-8115-EF210AD0D414}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD56391F-6350-46E4-BB50-70CF753E158B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C2622FA5-9F9F-4BFA-B571-49B4635E96E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA990F82-DFF6-467A-96B3-CF30D2713140}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EC313E40-CF82-4A36-89A7-3576FB5B9EC0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{EDF00CED-ED74-4C84-9E4E-B8C98851E2FD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F0815C82-7728-4BB9-BC06-787182B5D1BF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F0C3E3F9-C362-4C01-8439-8E10B9333287}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F16344D3-A2AF-43F9-AC9E-384F63126937}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FA55BCDE-955A-43FA-B342-325DE18FB9D8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FAE6C063-685C-47D1-B2DE-165754F88E30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0143C6BA-0EE2-4EC4-B56E-3D0122BD69EF}" = protocol=17 | dir=in | app=c:\users\xxx\desktop\eclipse\eclipse.exe | 
"{07E74C48-DF2B-4394-81D9-114DEC12B6D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C6AFD87-B83A-4967-A6F9-CFB2EEE21867}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0E80008E-4ADA-402B-B6E5-0B096F778E76}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{0F58F26B-C54D-42C3-9424-102203696AD4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{1170EE85-58D3-4BC2-91CF-9568A4A13162}" = protocol=17 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipsec.exe | 
"{11A69F02-33DF-4D85-A2D0-44CC7D070314}" = protocol=6 | dir=in | app=c:\program files\openmobile\open mobile.exe | 
"{127DBD5F-5DAD-44DB-B252-07BE7D3C96EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{130EEC48-D7CD-45DE-B9C7-303E87E5BD86}" = protocol=17 | dir=in | app=c:\users\xxx\desktop\beispielprojekte\airserver\airserver\bin\debug\airserver.vshost.exe | 
"{15D085E6-6F99-4193-AD8B-B5C24A088322}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{16B2B3E8-6CDA-43BA-8E7A-2CECD9070B76}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{1A73A8AB-F8E8-4158-A2D5-5936E992FFBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1BD26C9E-83EF-448E-BDC5-F24BA3574B5A}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe | 
"{1D4C1C29-0E69-4FFA-9240-6CB9D687C7E3}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"{20844454-36D2-44F4-9FAD-B45F5E16293C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2482A814-9565-4B12-9532-7ED0582098AC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{2673058C-D3C6-410A-8837-085F0E8294BA}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{27050E52-9FFD-44EB-9ABF-75A77DC11794}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{27E676FB-2652-4EF8-B796-0C8545BBE7FA}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{29FDED30-6603-4E7C-9F11-34C670312E9F}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe | 
"{2AA1A441-4A05-45C3-AE85-D9AFB1503F45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3225703A-E8CE-4A28-823E-96173EDEB519}" = protocol=6 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipse.exe | 
"{3413FB08-7983-4ADD-A4F2-F16AFA3423B9}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"{34ABBE29-8D06-4F4E-BBB3-09913F3CB26F}" = protocol=17 | dir=in | app=c:\users\xxx\downloads\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe | 
"{35EB3BFE-1C71-4870-B9EB-3BBF604F5700}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37213867-299B-48E6-A24B-261AC4941753}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{3781369A-97BA-4B6C-9848-690A8B0FFBD7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{381D02D7-EAE6-4F8B-B258-A2DF8FC48ABE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{38427F01-99BA-421A-8AF8-881C3A2F9054}" = protocol=6 | dir=in | app=c:\users\xxx\desktop\beispielprojekte\airserver\airserver\bin\debug\airserver.vshost.exe | 
"{384FFE79-FC37-4CCF-9641-ACB5C4E4CFC8}" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"{3A174B93-8B06-40E2-8F15-C4FA0ADAB6EF}" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"{3C54BCF0-D271-4706-BA05-074B679866A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EA26829-7104-4392-92CD-631F9818957B}" = protocol=17 | dir=in | app=c:\program files\softsqueeze\softsqueeze.exe | 
"{417485E6-6E74-4D20-9D60-122574C73529}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\swscheduler\dtscoordinatorservice.exe | 
"{41A11663-A1D4-4E34-A40E-722975F55CAA}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"{47BCB5D8-CE60-4AFA-997C-CD38427CD676}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4A94A384-7A04-468C-8402-7E8982084DCD}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{4B37FA78-9816-4BD3-B331-2769A357003F}" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"{4C337313-102C-4E3E-86F7-8C13E8997344}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4C4A919B-A5D7-46BA-A39D-FC3970C6C2B2}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{4C907FD8-F7CB-4521-9C4A-065B3CF8A66A}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"{4D399E0C-780A-4E44-BEA0-8B3DE0F323C8}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360_cl.exe | 
"{4F706A7B-407D-4C5F-B0FE-5AD2863B71C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5145A1D6-F991-4424-AB70-F69EC8E01235}" = protocol=6 | dir=in | app=c:\program files\squeezebox\squeezeplay\squeezeplay.exe | 
"{5151A5B6-DE40-412A-9AD8-1C2593DE9131}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{53A6DFF6-B475-4C34-8D0E-AB428CFFD65C}" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"{61D32072-A3CA-4D32-888F-365A23B5C781}" = protocol=17 | dir=in | app=c:\program files\luaedit 2010\luaedit.exe | 
"{62A16EC6-99BC-475F-A16E-17B887B565A6}" = protocol=17 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\mysql\bin\mysqld.exe | 
"{642083E1-64B2-4E68-8C28-B2E9FF1807D8}" = protocol=17 | dir=in | app=c:\program files\squeezebox\squeezeplay76\squeezeplay.exe | 
"{67BF2091-ACA9-4C5C-852D-27CDC6848679}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe | 
"{68ABA1AD-F0ED-431C-8E06-50FC72B2EF3A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{68F9067B-A345-4EAF-BE0E-C607CE306DD8}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\spotify\spotify.exe | 
"{6E368D98-7FE9-440D-B319-0058C302232D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{70925EA8-3C9A-4C40-B348-6DDD6600C11F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7111099E-FEEC-469B-8271-A060CC655871}" = protocol=6 | dir=out | app=system | 
"{7475BA99-BE0E-484D-939C-4167C73D5730}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{7561D3AD-BCCB-4B36-8085-C9078456820B}" = protocol=6 | dir=in | app=c:\users\xxx\downloads\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe | 
"{76A6F28B-19C3-4581-B476-451E5E73AEA7}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"{7FB9ABA3-9183-44BD-8C15-8BC66830C466}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{80979BAA-AFF9-4332-88EE-2C9B2687983D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{963423B5-86C7-42E7-8BEB-4A20547EB3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{996D32FF-F13F-4996-B288-32ABE3E63674}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{99C18257-4187-4972-A9CE-EA228A02BB18}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9B6E91F3-8327-439F-B1C4-B9BEFA46B50E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9BD0ADA8-5F41-44A8-BDD7-4911B657D5F5}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe | 
"{9FC34A97-28F3-43BA-9CBB-FB2C8A4ABF49}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{A0175CFF-79B5-4B8E-9B69-649F705BC699}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5229E9A-5724-4306-94F5-222D4B0CCFA4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{A75A9E3F-B805-4949-B3EA-AAFCBD44EEE8}" = protocol=6 | dir=in | app=c:\users\xxx\desktop\redsn0w_win_0.9.10b3\redsn0w.exe | 
"{A7B12703-BA84-4FDE-91C1-84A9FA466AB9}" = protocol=17 | dir=in | app=c:\users\xxx\desktop\redsn0w_win_0.9.10b3\redsn0w.exe | 
"{A93F4026-ADB6-4565-9072-A2219F4B01B0}" = protocol=17 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\apache\bin\httpd.exe | 
"{AA200341-1D4A-4E7E-974E-E6ABFBD09423}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA3B6F9E-1BAF-496F-9670-E9A8EC25CDAE}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe | 
"{AB48CCDC-872D-4256-8531-3C63589FCA2B}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360.exe | 
"{AB78B657-CF79-416C-85EA-24E7DEDBEFB6}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe | 
"{ABDAFB16-7536-47F3-817D-56F8FC10AE9B}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{AC4653CC-C28D-4E96-80AE-70275257A544}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\swscheduler\dtscoordinatorservice.exe | 
"{ADCD1FB6-8D4D-496D-9ADA-A6E4DA77F287}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | 
"{AE56E4FD-F17C-43C6-BA90-CC7F41FDA40C}" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"{B1EFC80D-9462-4100-A828-728C86E02B13}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"{B208ABCC-2F1E-440D-A69F-670546DF848D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{B25CC406-D1B0-4FD4-B320-DFB87B70CCAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2918E06-D45D-4393-90D4-8EB9476D32BE}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"{B51AE277-3EDF-4FAC-A00A-7044A45EA1CF}" = protocol=6 | dir=in | app=c:\program files\luaedit 2010\luaedit.exe | 
"{B9B0E175-0C7D-4913-9879-1DC6AA537A52}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{B9D7A63D-3D6F-44C4-A2D1-775331454621}" = protocol=17 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipse.exe | 
"{BF699022-EAC9-4A1E-86AC-BE667DD2E6EC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C09C1CDA-8C02-442A-9ABA-7D803F433B04}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C1D0A54E-71FE-4F4C-8B83-4DE299245A1B}" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe | 
"{C23EC490-A2A6-41A3-8387-BC10CB46858B}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{C2EC4B47-A963-436F-9984-4F892C78265F}" = protocol=6 | dir=in | app=c:\program files\softsqueeze\softsqueeze.exe | 
"{C429557C-82F0-499F-AE85-6D5409EBD32A}" = protocol=17 | dir=in | app=c:\program files\squeezebox\squeezeplay\squeezeplay.exe | 
"{C8B45EE9-6989-4467-831F-2CC71CFF39B6}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\spotify\spotify.exe | 
"{C9C57FAD-C5A0-4E73-B054-DA4B364EB570}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{CC81ED30-4957-4FE9-88EE-C599A4AB19DF}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"{D2110186-251A-4FE8-942F-A0B7A8D28231}" = protocol=6 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipsec.exe | 
"{D213AA87-CBA4-4DE0-B126-008590D4752C}" = protocol=6 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\mysql\bin\mysqld.exe | 
"{D267D186-31B4-4ABE-B69E-C9C87EF91CB4}" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"{D5737231-EE09-4D6D-915D-2D17FB827859}" = protocol=6 | dir=in | app=c:\users\xxx\desktop\eclipse\eclipse.exe | 
"{D59EC131-44B7-4854-A3F9-7DADC5C03679}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360.exe | 
"{D7FB8113-2C02-4D4C-B8CC-72928A545328}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D8CDB9E0-D196-4464-AE63-2453E721FF4E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{DBB7D9BE-93F3-4A3B-B638-FBD6F0033326}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks (2)\photoview\photoview360_cl.exe | 
"{DC0266D6-651C-408B-ADC8-03B0F3E4AF97}" = protocol=6 | dir=in | app=c:\program files\squeezebox\squeezeplay76\squeezeplay.exe | 
"{DC50AC7C-7C33-4DC5-91B0-D22588138107}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{DE200E3A-E69A-42E7-8ADE-B922183A1408}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{E919985C-EB63-4727-94CD-F29DD84CEDBF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E9330001-1588-4813-858D-AEB047456213}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{E969374F-BAE7-4829-89F5-B768E6855F6F}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | 
"{E9DB6A0F-D1D3-45AE-8CFE-E45226572CAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1C55402-D1EF-4828-BC67-21B6661068B7}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"{F49A40B6-9E7D-4DB1-A030-9D3B91CB6F40}" = protocol=17 | dir=in | app=c:\program files\openmobile\omhal.exe | 
"{F552EA74-AD33-4FEE-9CAB-12BEBB3B36D4}" = protocol=17 | dir=in | app=c:\program files\openmobile\open mobile.exe | 
"{F6826BE4-6A79-437D-94BF-CD4132EF61E3}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{F85C120F-A5E7-4A44-9115-230B1AB1948A}" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe | 
"{F96358DB-79E0-43C9-8E1C-92C4BECE04F0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{FAF232B9-EB52-44CC-86DE-1148EAF0D940}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{FC3AC1E8-3167-45AF-83EA-A94BCD19C36F}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"{FEA9A804-864F-4134-9B58-4C28AC097A64}" = protocol=6 | dir=in | app=c:\program files\openmobile\omhal.exe | 
"{FEC06B42-5B8C-45DF-A51F-70661D253151}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FEE4FB6A-A214-468B-A7F9-1B651AC2C67C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FFA70A15-BCA1-4253-A35E-DFD1F0C56BE2}" = protocol=6 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\apache\bin\httpd.exe | 
"TCP Query User{010DD6B9-540D-44AC-A758-2B8B68E4116F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{0723E808-8CD1-44AC-BB51-6022081BB9A9}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{0FE3E343-D54D-49AD-AE85-5190E11F494F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{13EEBC8F-62BD-45FC-BFC6-EAB611E1AAF6}C:\program files\softsqueeze\softsqueeze.exe" = protocol=6 | dir=in | app=c:\program files\softsqueeze\softsqueeze.exe | 
"TCP Query User{1AA6381F-2F8F-4B19-9E9E-2EF1CB3CCD67}C:\users\xxx\downloads\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\xxx\downloads\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe | 
"TCP Query User{35F44EEF-8F6C-4967-8B17-5454143DD135}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{360246FC-C5A8-4292-95C5-E0B5B9E92BB6}C:\program files\squeezebox\squeezeplay\squeezeplay.exe" = protocol=6 | dir=in | app=c:\program files\squeezebox\squeezeplay\squeezeplay.exe | 
"TCP Query User{4C8A0553-E22E-4859-8B0E-9FC97B1E6E25}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{57DFE1A1-0D32-44E6-8AE1-C9668FEBD1B0}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{629A3551-F825-4722-A2BE-C31A6D302615}C:\users\xxx\desktop\programmierung\eclipse\eclipsec.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipsec.exe | 
"TCP Query User{6D94DD0F-5CEE-4FA5-9099-3DBED76D22C2}C:\users\xxx\desktop\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"TCP Query User{6F7D90B6-534A-4E6B-9E42-163D9EF5317F}C:\users\xxx\desktop\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\eclipse\eclipse.exe | 
"TCP Query User{71010749-CDAE-492D-9D26-E881EA6F27D8}C:\users\xxx\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{7146AAA5-352C-4531-8F69-63D54FE4A681}C:\users\xxx\desktop\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\redsn0w_win_0.9.10b3\redsn0w.exe | 
"TCP Query User{80D2A0D8-FA6D-49A0-AD6D-23A384F6A1BF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8A985FCB-423A-4596-BF2E-AA537B120B70}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{91390E1A-AA37-4412-82DB-0788975195DC}C:\users\xxx\desktop\dienstprogramme\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\apache\bin\httpd.exe | 
"TCP Query User{926B9DEB-F7F1-49B0-B71C-85896B5091E4}C:\users\xxx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{96C80ABF-8396-444D-B3A9-17F0CA6BB5D1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{9CBE2D4D-322E-4E22-B73C-12FC64B7E4CC}C:\users\xxx\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{A854B10A-92D2-4EE5-8002-AA223BB0D033}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{AD395AEB-8D88-4FB2-8EE0-1F93CF0E88F7}C:\users\xxx\desktop\programmierung\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipse.exe | 
"TCP Query User{C610426E-CF1F-4726-963B-3D3FB6AE5F90}C:\program files\squeezebox\squeezeplay76\squeezeplay.exe" = protocol=6 | dir=in | app=c:\program files\squeezebox\squeezeplay76\squeezeplay.exe | 
"TCP Query User{C8E7DB70-1696-4058-B7F3-9ED1746817CF}C:\program files\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe | 
"TCP Query User{CAD453CE-46A3-4BB6-860C-41E89A663FA8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{D2C439E4-169C-46A0-A755-99F529DF16E1}C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe | 
"TCP Query User{D8160DE9-E257-4E4B-B507-6FDBFBAC1D41}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{DAE8273D-9F8D-4B6F-886B-F4818835BDF6}C:\program files\luaedit 2010\luaedit.exe" = protocol=6 | dir=in | app=c:\program files\luaedit 2010\luaedit.exe | 
"TCP Query User{DBAD2BBB-8377-4033-85BF-1E03BFC8B691}C:\program files\openmobile\omhal.exe" = protocol=6 | dir=in | app=c:\program files\openmobile\omhal.exe | 
"TCP Query User{E06C8B8A-7488-49C9-8B4D-C2D96F9230C0}C:\users\xxx\desktop\beispielprojekte\airserver\airserver\bin\debug\airserver.vshost.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\beispielprojekte\airserver\airserver\bin\debug\airserver.vshost.exe | 
"TCP Query User{E18DFE66-6624-4411-B6E2-8334DAE20CC2}C:\program files\openmobile\open mobile.exe" = protocol=6 | dir=in | app=c:\program files\openmobile\open mobile.exe | 
"TCP Query User{EA2D894C-43B4-45C7-A40A-11D5A3964A86}C:\users\xxx\desktop\dienstprogramme\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{F577698B-F9D0-417E-AC1C-0B37E5FE860B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{0018B475-9852-4A3F-9D4A-51D43081C132}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{1699D92C-59FE-4A42-91F5-141EC35DFB1E}C:\program files\openmobile\open mobile.exe" = protocol=17 | dir=in | app=c:\program files\openmobile\open mobile.exe | 
"UDP Query User{19D3E3F2-A99D-4C3D-8523-E49E06559272}C:\users\xxx\desktop\programmierung\eclipse\eclipsec.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipsec.exe | 
"UDP Query User{26B1316B-29D3-455E-8B6E-E9FB64678A71}C:\users\xxx\desktop\beispielprojekte\airserver\airserver\bin\debug\airserver.vshost.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\beispielprojekte\airserver\airserver\bin\debug\airserver.vshost.exe | 
"UDP Query User{2B3A19C6-A355-414C-B727-1705AC04D15F}C:\users\xxx\downloads\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\xxx\downloads\eclipse-java-indigo-sr1-win32\eclipse\eclipse.exe | 
"UDP Query User{2BED81D7-15AD-435D-A5EF-4FB72D14A61A}C:\users\xxx\desktop\programmierung\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\programmierung\eclipse\eclipse.exe | 
"UDP Query User{2D4694BD-A692-4C19-9E67-4DEC6F784768}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{3BD9CB9D-1E12-4DF6-ACFA-308C12FB10DC}C:\program files\squeezebox\squeezeplay76\squeezeplay.exe" = protocol=17 | dir=in | app=c:\program files\squeezebox\squeezeplay76\squeezeplay.exe | 
"UDP Query User{4A812680-B548-44E3-8D14-88BF6296936D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{503B5C2A-BFA8-4559-8879-89B01DB14E1F}C:\program files\luaedit 2010\luaedit.exe" = protocol=17 | dir=in | app=c:\program files\luaedit 2010\luaedit.exe | 
"UDP Query User{55340463-E703-4194-8070-40A4084D7BE1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{5E60A2E9-17C7-4446-BC2B-2CED73678F8F}C:\users\xxx\desktop\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\redsn0w_win_0.9.10b3\redsn0w.exe | 
"UDP Query User{6231A7F9-127A-4A84-B33A-1A215ECA7A4F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{63D62562-0EB0-4111-9F2C-2496E2688AF2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{6702D98D-A331-42F1-B4B5-CD642DC7E1BE}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{6A2C7E18-D5BB-4F70-9859-0E8016806D92}C:\program files\softsqueeze\softsqueeze.exe" = protocol=17 | dir=in | app=c:\program files\softsqueeze\softsqueeze.exe | 
"UDP Query User{6D9D8711-75F6-4CCF-A1EA-75C583497D99}C:\users\xxx\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{8BD4F8E1-9067-47FB-BC13-9D6470B36704}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{8D85D03C-635C-4ECF-AEE0-A80050F115ED}C:\program files\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\java.exe | 
"UDP Query User{8F0DE3FF-4E0A-4F1A-B5C4-F73B8C1A13D1}C:\users\xxx\desktop\dienstprogramme\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{91459F2C-DCB9-490A-BB2E-DD205DBB59EA}C:\program files\openmobile\omhal.exe" = protocol=17 | dir=in | app=c:\program files\openmobile\omhal.exe | 
"UDP Query User{A119CCD8-3EC0-4D96-A0B3-58928F75891F}C:\users\xxx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{A92A14AF-7DAB-4EFF-B175-A221EC4D0725}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{BD21E2A2-61CC-4C1B-B668-52CB757D57FB}C:\users\xxx\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\eclipse\eclipse.exe | 
"UDP Query User{BDDD50E8-C8F7-486E-9AB0-0340C0A8990A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{C25907B1-B600-44D9-B0FE-4C5B20356F94}C:\users\xxx\desktop\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"UDP Query User{C38E59D0-EC62-4D9B-A360-1F8768CCFEE5}C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe | 
"UDP Query User{C4D0CC9C-331D-42C9-8B29-C9DB11EA94B5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C87A6138-6908-4741-B63D-E5FD0D7F488D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D305EE96-1E8E-4567-B510-AD305DDE3E42}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{D3BB64C9-6D84-41B8-A7EA-292F9891A0B9}C:\program files\squeezebox\squeezeplay\squeezeplay.exe" = protocol=17 | dir=in | app=c:\program files\squeezebox\squeezeplay\squeezeplay.exe | 
"UDP Query User{D92C17E2-2908-4415-AF70-3BFEE24B8732}C:\users\xxx\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{EB7BBFAD-AF5F-48FE-B199-FA99BC5E5E2F}C:\users\xxx\desktop\dienstprogramme\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\dienstprogramme\xampp\apache\bin\httpd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06FA3C52-3F97-439A-9CB9-D707A0783FE7}" = SolidWorks 2011 API SDK
"{0802B79F-257C-4F91-9A1E-7A94588C636A}" = Adobe Flash Builder 4.6
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09B790E3-21E3-4D1A-8130-AAA9227C9785}_is1" = SqueezePlay 7.6.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{3119B747-1C60-49DC-93EB-D555C4CDA33A}" = SolidWorks Workgroup PDM Server 2012 SP03
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{394D3D87-12FE-4765-836F-F6F727005C9C}" = AVM FRITZ!Fernzugang
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4C0001B8-244E-42C1-819B-B972895EF03F}" = WinCachebox
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58A53B98-4759-4BBE-8F2D-878CD6B18CE2}" = SolidWorks Explorer 2012 SP03
"{5A043038-3568-4F92-8151-E1EA5C711CBC}" = SolidWorks eDrawings 2012 SP04
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5B4898D9-3F52-4941-BB30-43F6A2F01C9B}" = VmciSockets
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6908A0A2-2B7C-403E-AC8C-79C3D6BA2E3D}" = Microsoft SQL Server 2008 R2 Report Builder 3.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{705EE775-5776-48FD-B704-C3C9CF535420}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7BB9974-4D12-4814-A8CE-ACA2E28B33EC}" = eDrawings 2012 API SDK
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}" = Intel® PROSet/Wireless WiFi-Software
"{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 SP1 Redistributable
"{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}" = Acronis*True*Image*Home 2012
"{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible" = Acronis*True*Image*Home 2012
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.8
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD9B590-821B-4618-99E5-01830BC8F076}" = BlueStacks
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
"{EFCDC354-00BA-4D01-A6AF-AF3311DA9F44}" = Word 2007 Content Control Toolkit
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2981EBB-EA20-497E-9F25-CDC95E956921}" = SolidWorks 2012 German Resources
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F78C0EB0-EDFF-4E41-90D1-BF198768102F}" = EASY-SOFT 6 Pro
"{FE706200-62BF-4D25-8B34-DC31189DE902}" = SolidWorks 2012 SP04
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Advanced Video FX Engine" = Advanced Video FX Engine
"avi.NET 3.5.1.0" = avi.NET 3.5.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BabylonToolbar" = Babylon toolbar on IE
"CDAID_is1" = MarvinTec CDAID 3.20
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"EAGLE 5.11.0" = EAGLE 5.11.0
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"EPSON BX620FWD Series" = EPSON BX620FWD Series Printer Uninstall
"EPSON BX620FWD Series Manual" = EPSON BX620FWD Series Handbuch
"EPSON BX620FWD Series Network Guide" = EPSON BX620FWD Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Fraps" = Fraps
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"FreePortScanner_is1" = FreePortScanner 2.8.4
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GMX Upload-Manager" = GMX Upload-Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Drive Key Boot Utility" = HP Drive Key Boot Utility
"ImgBurn" = ImgBurn
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"IrfanView" = IrfanView (remove only)
"Logitech Media Server_is1" = Logitech Media Server 7.7.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OUTLOOKR" = Microsoft Office Outlook 2007
"PonyProg2000_is1" = PonyProg2000 v2.07c
"ProInst" = Intel PROSet Wireless
"SolidWorks Installation Manager 20120-40300-1100-200" = SolidWorks 2012 SP03
"SolidWorks Installation Manager 20120-40400-1100-200" = SolidWorks 2012 SP04
"Spoiler Sync_is1" = Spoiler Sync
"ST6UNST #1" = DMM
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"t6config" = t6config
"TeamViewer 7" = TeamViewer 7
"UltraISO_is1" = UltraISO Premium V9.52
"VLC media player" = VLC media player 2.0.1
"VMware_Player" = VMware Player
"VobSub" = VobSub v2.23 (Remove Only)
"WhoCrashed_is1" = WhoCrashed 3.05
"Winamp" = Winamp
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"f031ef6ac137efc5" = Dell Driver Download Manager
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2012 14:25:13 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00029647  ID des fehlerhaften Prozesses: 0x3a90  Startzeit der fehlerhaften Anwendung:
 0x01cd89d36cb1c16e  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Berichtskennung:
 084cb0af-f787-11e1-bbdb-fb8715473767
 
Error - 05.09.2012 14:32:19 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm E_FARNGBU.EXE, Version 7.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1ef8    Startzeit:
 01cd8b8f9f63be4c    Endzeit: 25    Anwendungspfad: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNGBU.EXE

Berichts-ID:
 ef5c53ee-f787-11e1-bbdb-fb8715473767  
 
Error - 06.09.2012 08:13:36 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: E_FARNGBU.EXE, Version: 7.0.0.0, 
Zeitstempel: 0x4aaddc94  Name des fehlerhaften Moduls: E_FAPRGBU.DLL, Version: 7.0.0.0,
 Zeitstempel: 0x4b7e3637  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000ab96a  ID des fehlerhaften
 Prozesses: 0x34c0  Startzeit der fehlerhaften Anwendung: 0x01cd8c28e3f5002b  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNGBU.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAPRGBU.DLL
Berichtskennung:
 486f2fb8-f81c-11e1-bbdb-fb8715473767
 
Error - 06.09.2012 08:54:39 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: E_FARNGBU.EXE, Version: 7.0.0.0, 
Zeitstempel: 0x4aaddc94  Name des fehlerhaften Moduls: E_FAPRGBU.DLL, Version: 7.0.0.0,
 Zeitstempel: 0x4b7e3637  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000ab96a  ID des fehlerhaften
 Prozesses: 0x5334  Startzeit der fehlerhaften Anwendung: 0x01cd8c2ea0c5134f  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNGBU.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAPRGBU.DLL
Berichtskennung:
 04786d82-f822-11e1-bbdb-fb8715473767
 
Error - 06.09.2012 09:32:03 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: E_FARNGBU.EXE, Version: 7.0.0.0, 
Zeitstempel: 0x4aaddc94  Name des fehlerhaften Moduls: E_FAPRGBU.DLL, Version: 7.0.0.0,
 Zeitstempel: 0x4b7e3637  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000ab96a  ID des fehlerhaften
 Prozesses: 0x2744  Startzeit der fehlerhaften Anwendung: 0x01cd8c33d280643c  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNGBU.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAPRGBU.DLL
Berichtskennung:
 3e022632-f827-11e1-bbdb-fb8715473767
 
Error - 06.09.2012 11:48:54 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm E_FARNGBU.EXE, Version 7.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 5fc4    Startzeit:
 01cd8c33e6f84115    Endzeit: 27    Anwendungspfad: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNGBU.EXE

Berichts-ID:
 58df3435-f83a-11e1-bbdb-fb8715473767  
 
Error - 08.09.2012 00:59:53 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: APSDaemon.exe, Version: 2.1.19.17,
 Zeitstempel: 0x4fb5bca3  Name des fehlerhaften Moduls: APSDaemon_main.dll, Version:
 2.1.19.17, Zeitstempel: 0x4fb5bce6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000082f0
ID
 des fehlerhaften Prozesses: 0x32d8  Startzeit der fehlerhaften Anwendung: 0x01cd8cdcf4e7bd18
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\Apple\Apple Application
 Support\APSDaemon.exe  Pfad des fehlerhaften Moduls: C:\Program Files\Common Files\Apple\Apple
 Application Support\APSDaemon_main.dll  Berichtskennung: 064e68f2-f972-11e1-bbdb-fb8715473767
 
Error - 11.09.2012 04:56:07 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: E_FARNGBU.EXE, Version: 7.0.0.0, 
Zeitstempel: 0x4aaddc94  Name des fehlerhaften Moduls: E_FAPRGBU.DLL, Version: 7.0.0.0,
 Zeitstempel: 0x4b7e3637  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000ab96a  ID des fehlerhaften
 Prozesses: 0x92c  Startzeit der fehlerhaften Anwendung: 0x01cd8ffb23dd6d4e  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNGBU.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAPRGBU.DLL
Berichtskennung:
 8602d986-fbee-11e1-bbdb-fb8715473767
 
Error - 11.09.2012 09:39:24 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm eclipsec.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 77c    Startzeit: 
01cd902050794c08    Endzeit: 158    Anwendungspfad: C:\Users\xxx\Desktop\Programmierung\eclipse\eclipsec.exe

Berichts-ID:
 068ffbc3-fc16-11e1-bbdb-fb8715473767  
 
Error - 15.09.2012 07:52:39 | Computer Name = xxx-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 16.09.2012 01:28:03 | Computer Name = xxx-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
[ OSession Events ]
Error - 17.01.2011 13:05:18 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 100882
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 30.04.2011 09:36:23 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ SolidWorks-DTS Events ]
Error - 22.05.2011 07:10:10 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:10:10 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:17:17 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:20:48 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:20:48 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:20:48 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:27:57 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:27:57 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:46:02 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
Error - 22.05.2011 07:48:21 | Computer Name = xxx-PC | Source = swScheduler | ID = 0
Description = ErrorCode=80004005 ErrorMessage="Unbekannter Fehler" ErrorSource="Microsoft
 JET Database Engine" ErrorDescription="Nicht genügend Arbeitsspeicher."
 
[ System Events ]
Error - 11.09.2012 01:55:43 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Biometriedienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 12.09.2012 02:51:44 | Computer Name = xxx-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.09.2012 01:31:26 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Biometriedienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
Error - 14.09.2012 10:20:26 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 14.09.2012 10:21:08 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 14.09.2012 10:22:08 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 15.09.2012 03:57:31 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 15.09.2012 03:57:31 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 15.09.2012 07:52:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 16.09.2012 01:28:03 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
 
< End of report >

Please let me know if this is too much work.

Thank you!

Regards
Bismosa

17.09.2012, 14:53   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run ESET; after that we'll see.

Note: ESET quite often reports a few false positives. That is why, with ESET too, only the log is to be posted first and nothing removed.


ESET Online Scanner

During the online scan, please switch on any external hard drives you have! During the scans, disable all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove found threats is NOT ticked.
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click the button.
  • Click the button and save the logfile as ESET.txt on the desktop.
  • Click Back and Finish
Please post the logfile here.


Please post everything in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
ATTFilter
 the log goes here
         

__________________
Please always post logfiles in CODE tags

18.09.2012, 05:59   #6
bismosa
 
Hello!

The scan is done. Here is the log file:
Code:
ATTFilter
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll	Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application
C:\Users\smolny\AppData\Local\Temp\761DD72E-BAB0-7891-B77D-207912572E41\MyBabylonTB.exe	Win32/Toolbar.Babylon application
C:\Users\smolny\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon application
C:\Users\smolny\AppData\Local\Temp\ICReinstall\cnet2_pscan13_exe.exe	a variant of Win32/InstallCore.D application
C:\Users\smolny\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe	probably a variant of Win32/Adware.ECOHET application
C:\Users\smolny\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe	Win32/TrojanDownloader.Necurs.B trojan
C:\Users\smolny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\52fae3d1-44b9d1cd	multiple threats
C:\Users\smolny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\34b967df-1311ee1a	a variant of Java/Exploit.CVE-2011-3544.BR trojan
C:\Users\smolny\Documents\Hobby\Handy\Games.part1.rar	a variant of SymbOS/KillPhone.E trojan
C:\Users\smolny\Documents\Hobby\Handy\Games\Games\L\Lock N Load 2.sis	a variant of SymbOS/KillPhone.E trojan
C:\Users\smolny\Downloads\cnet2_pscan13_exe.exe	a variant of Win32/InstallCore.D application
C:\Users\smolny\Downloads\Navi\Geocaching\OziExplorer pack\OziExplorerPack\Ozi\TSRh.Crack.exe	probably a variant of Win32/IRCBot.CDXBLNV trojan
         
Thanks and regards

Bismosa
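In the ESET log above the location of a file says as much as its detection name: the Java deployment cache holds what a drive-by applet exploit dropped, a GUID-named folder directly under AppData\Local with an .exe in it is where the Necurs downloader sat, Temp holds what a bundled installer left behind, and a file called *.Crack.exe in Downloads is the one the helper picked out. The following is an added example for this thread, not ESET's own tooling and not code from either poster: a small Python triage script that parses lines in ESET's path<TAB>detection layout, maps ESET's suffix convention ("application" for potentially unwanted programs, "trojan" for malware) to a coarse severity, and flags paths whose location is itself diagnostic. The sample input is constructed from the detections in the log above with the user name replaced; the severity mapping, the location rules and the reinstall heuristic are assumptions of this example, not the board's procedure.

```python
"""Triage an ESET Online Scanner log (one finding per line: path, TAB, detection).

Added example for this thread, not ESET's own tooling. The sample input is
constructed from the detections in the thread with the user name replaced;
the severity mapping and the location rules are assumptions of this example.
"""
import re
from collections import Counter

# Constructed sample: (path, detection) pairs in the layout ESET writes.
SAMPLE_FINDINGS = [
    (r"C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll",
     "a variant of Win32/Toolbar.Babylon application"),
    (r"C:\Users\user\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe",
     "probably a variant of Win32/Adware.ECOHET application"),
    (r"C:\Users\user\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe",
     "Win32/TrojanDownloader.Necurs.B trojan"),
    (r"C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\34b967df-1311ee1a",
     "a variant of Java/Exploit.CVE-2011-3544.BR trojan"),
    (r"C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\52fae3d1-44b9d1cd",
     "multiple threats"),
    (r"C:\Users\user\Downloads\Navi\Geocaching\OziExplorerPack\Ozi\TSRh.Crack.exe",
     "probably a variant of Win32/IRCBot.CDXBLNV trojan"),
]
SAMPLE_LOG = "\n".join(f"{path}\t{detection}" for path, detection in SAMPLE_FINDINGS) + "\n"

# Where a file sits often says more than its detection name. The rules are
# assumptions of this example: (flag, path pattern, what the location usually means).
LOCATION_RULES = [
    ("java-cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I),
     "dropped by a Java applet exploit (drive-by), not downloaded by the user"),
    ("appdata-guid", re.compile(r"\\AppData\\Local\\\{[0-9A-F-]{36}\}\\[^\\]+\.exe$", re.I),
     "executable in a GUID-named AppData folder: typical downloader persistence"),
    ("temp", re.compile(r"\\AppData\\Local\\Temp\\", re.I),
     "leftover of a bundled installer"),
    ("crack", re.compile(r"\b(crack|keygen)\b", re.I),
     "pirated-software tool: assume it was run intentionally"),
]


def severity(detection: str) -> str:
    """Map ESET's naming convention to a coarse severity.

    ESET ends potentially unwanted programs with 'application' and malware with
    'trojan'; the exploit check runs first so a Java exploit is not lumped in
    with ordinary trojans.
    """
    d = detection.lower()
    if d.endswith(" application"):
        return "pua"
    if "exploit" in d:
        return "exploit"
    if d.endswith(" trojan") or d == "multiple threats":
        return "malware"
    return "unknown"


def parse_eset_log(text: str) -> list[dict]:
    """Parse 'path<TAB>detection' lines into dicts with severity and location flags."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or "\t" not in line:
            continue  # blank line or a line that is not a finding
        path, _, detection = line.partition("\t")
        path, detection = path.strip(), detection.strip()
        findings.append({
            "path": path,
            "detection": detection,
            "severity": severity(detection),
            "flags": [name for name, pattern, _ in LOCATION_RULES if pattern.search(path)],
        })
    return findings


def summarize(findings: list[dict]) -> Counter:
    """Count findings per severity."""
    return Counter(f["severity"] for f in findings)


def reinstall_candidates(findings: list[dict]) -> list[str]:
    """Heuristic of this example (not the board's rule): malware that ran from a
    GUID-named AppData folder or arrived as a crack means attacker-controlled
    code executed as the user, which is when 'cleaning' stops being trustworthy."""
    return [f["path"] for f in findings
            if f["severity"] != "pua" and {"crack", "appdata-guid"} & set(f["flags"])]


def report(findings: list[dict]) -> str:
    """Human-readable triage: severity counts, then every flagged path with its reason."""
    reasons = {name: why for name, _, why in LOCATION_RULES}
    lines = [f"{sev}: {n}" for sev, n in sorted(summarize(findings).items())]
    for f in findings:
        for flag in f["flags"]:
            lines.append(f"[{flag}] {f['path']}  -> {reasons[flag]}")
    if reinstall_candidates(findings):
        lines.append("verdict: reinstall rather than clean")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_eset_log(SAMPLE_LOG)))
```

Run it on a real ESET.txt by reading the file into `parse_eset_log`; the two Babylon entries come out as "pua", the Java cache entries and the GUID-folder syshost.exe as "exploit" and "malware", and the crack in Downloads is the item that trips the reinstall verdict, which is the same conclusion the helper reaches in the next post.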

19.09.2012, 11:10   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Code:
ATTFilter
C:\Users\smolny\Downloads\Navi\Geocaching\OziExplorer pack\OziExplorerPack\Ozi\TSRh.Crack.exe
         


See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally obtained software, we end the support without any discussion.

Cracks/keygens are 99.9% dangerous malware that you should not mess with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstall!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

19.09.2012, 11:44   #8
bismosa
 
Hello!

Too bad, I hadn't seen that. I neither downloaded nor used this software or anything like it. I don't know it! A few years ago I lent the laptop out... and I will find out whether he did something like that.
I do not use cracks/keygens etc.! I develop software myself... besides, I know that you only infect yourself with that stuff... and I won't put my machine at risk for a few euros.

I can nevertheless understand if support is discontinued in such a case. I won't be able to prove that I don't do such things.

Too bad.

Regards
Bismosa

19.09.2012, 12:33   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
If it wasn't you? Well, the thing got into the Downloads folder somehow -.-

19.09.2012, 14:02   #10
bismosa
 
Hello,

it definitely wasn't me, as I already wrote. I have now phoned the friend I lent the computer to back then. He had apparently experimented with various bike navigation programs... but he couldn't remember exactly. He said, though, that even if he had downloaded a crack he never used it.

Anyway... of course I can't prove it, and I understand the decision. I also know now that I won't lend the computer out again...

Thanks anyway.

Regards
Bismosa
