09.10.2012, 20:03 | #1
Is the threat gone? Multiple Java exploits and Gataka trojan

Hello Trojaner-Board members,

Operating system: Win7 64bit
Antivirus: MSE
Firewall: Windows, with Windows 7 Firewall Control and a hardware firewall

A few days ago, while I was browsing the internet, MSE reported that it had removed a threat and that no further action was needed. In the log I then saw that it had deleted a trojan called Gataka (which was hiding as googleupdate.exe in the user folder) and sent a Java exploit to quarantine. But the time of the alert kept being updated as long as Firefox was open; the Firefox profile was probably infected. I created a new one and no new alerts appeared. Nevertheless, two new Java exploits had been reported to me before that: Exploit:Java/CVE-2010-0842.AZ and Exploit:Java/CVE-2011-3544.CG (unfortunately I no longer have the name of the first exploit). Luckily I quickly found your board (if only I had known about it 10 years ago; I haven't had any experience with malware lately, but no sooner do I leave the Java plugin enabled after an advance VAT return (UStVA) than something like this happens). In general I haven't noticed any changes to the system, except that Firefox was a bit sluggish recently. I have now run the ESET Online Scanner, Emsisoft Anti-Malware and TDSSKiller, with no result. Only Emsisoft gave a Trojan false alert (see logs below). I have attached various logs; can anyone tell from them whether my system might still be infected?

OTL Code:
ATTFilter OTL logfile created on: 09.10.2012 20:37:04 - Run 3 OTL by OldTimer - Version 3.2.70.2 Folder = E:\Tools 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,84% Memory free 9,86 Gb Paging File | 7,36 Gb Available in Paging File | 74,64% Paging File free Paging file location(s): c:\pagefile.sys 6000 7000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 292,97 Gb Total Space | 129,12 Gb Free Space | 44,07% Space Free | Partition Type: NTFS Drive E: | 303,10 Gb Total Space | 115,64 Gb Free Space | 38,15% Space Free | Partition Type: NTFS Computer Name: ALEXEJ-PC | User Name: Alexej | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - E:\Tools\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - E:\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits) PRC - C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () PRC - E:\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION) PRC - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe (Extensis a division of Celartem, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - E:\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu () MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\1Password\js3215R.dll () MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\ExtensisToolbox-1031.dll () MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libxml2.2.6.24.dll () MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\iconv-1.9.2.dll () MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libcharset.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- 
c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Agile1Password) -- C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (wampmysqld) -- E:\Design\Web\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe () SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (wampapache) -- E:\Design\Web\wamp\bin\apache\Apache2.2.21\bin\httpd.exe (Apache Software Foundation) SRV - (Windows7FirewallService) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys () DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys () DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (EyeOneDisplay) -- C:\Windows\SysNative\drivers\i1display_x64.sys (GretagMacbeth LLC) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys () DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (atillk64) -- E:\Tools\Tuning\Radeon Bios Editor\winflash\atillk64.sys (ATI Technologies Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 63 28 8B 50 9E CD 01 [binary data] IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.* ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) 
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.04 18:40:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.16 19:28:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.05 20:31:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 01:31:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.25 18:40:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla 
Thunderbird\plugins [2011.11.05 02:06:14 | 000,000,000 | ---D | M] (No name found) -- E:\AppData\Roaming\Mozilla\Extensions [2012.10.05 20:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = E:\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
E:\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = E:\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = E:\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program 
Files (x86)\TabletPlugins\npwacom.dll CHR - plugin: Google Update (Enabled) = E:\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: WOT = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.4_0\ CHR - Extension: YouTube = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Tampermonkey = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.6.2767_0\ CHR - Extension: AdBlock = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\ CHR - Extension: 1Password = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkndfifopckmhdkohjeoljlbfnjhekfg\3.9.8.39899_0\ CHR - Extension: Stealthy = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Mein Chrome-Design = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.1.0_0\ CHR - Extension: Stylebot = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7_0\ CHR - Extension: Google Mail = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.08.31 19:28:01 | 000,000,889 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 
SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL (AgileBits) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits) O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-277113493-306563280-2322027683-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-277113493-306563280-2322027683-1000..\Run: [FMCore.exe] C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe (Extensis a division of Celartem, Inc.)
O4 - HKU\S-1-5-21-277113493-306563280-2322027683-1000..\Run: [Spotify Web Helper] E:\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\basICColor display4 VideoLUT Loader.lnk = C:\Program Files (x86)\basICColor Software\basICColor display 4.1\LUTLoader.exe (Color Solutions)
O4 - Startup: C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD Ver3.3.0.lnk = C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password Ctrl+Alt+ß - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL (AgileBits)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{604E0092-F9A6-4C99-A0DF-E9C78BCCFE48}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{640D48A4-6782-4B59-BAF3-CACF8D33A0E9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.08 23:22:30 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\SUPERAntiSpyware.com
[2012.10.08 23:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.10.08 23:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.10.08 23:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.10.07 23:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.07 23:30:33 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.07 23:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.10.07 23:21:45 | 000,000,000 | ---D | C] -- E:\AppData\Local\Secunia PSI
[2012.10.07 23:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.10.06 18:07:14 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\Malwarebytes
[2012.10.06 18:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 18:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 18:06:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.06 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.06 17:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.05 21:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.10.05 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.10.05 21:08:03 | 000,000,000 | ---D | C] -- E:\Documents\Anti-Malware
[2012.10.05 19:54:48 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.05 19:54:34 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.04 00:18:08 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\QTTabBar
[2012.10.03 20:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.10.03 20:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.10.03 14:23:20 | 000,000,000 | ---D | C] -- E:\Documents\Guild Wars 2
[2012.09.29 17:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012.09.26 20:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.09.26 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fraps
[2012.09.26 19:04:45 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.23 20:02:46 | 000,000,000 | ---D | C] -- E:\Documents\1Password
[2012.09.23 20:02:41 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\Agile Web Solutions
[2012.09.23 20:01:58 | 002,371,584 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\SysWow64\ChilkatZip2.dll
[2012.09.23 20:01:58 | 001,572,864 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\SysWow64\ChilkatCrypt2.dll
[2012.09.23 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Password
[2012.09.23 20:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1Password
[2012.09.22 16:40:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 16:40:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 16:40:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 16:40:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 16:40:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 16:40:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 16:40:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 16:40:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 16:40:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 16:40:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 16:40:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 16:40:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 16:40:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 16:40:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 16:40:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.18 16:21:21 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.09.14 23:15:14 | 000,000,000 | ---D | C] -- E:\Documents\My Received Files
[2012.09.14 17:21:45 | 000,000,000 | ---D | C] -- E:\AppData\Local\Spotify
[2012.09.14 17:21:14 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\Spotify
[2012.09.14 17:14:39 | 000,000,000 | ---D | C] -- E:\AppData\Local\NuGet
[2012.09.12 20:31:56 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\NuGet
[2012.09.12 20:12:27 | 000,000,000 | ---D | C] -- C:\Chocolatey
[2012.09.12 19:30:15 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 19:30:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 19:30:14 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 19:30:14 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files - Modified Within 30 Days ==========

[2012.10.09 20:14:32 | 000,028,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:14:32 | 000,028,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:13:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.09 20:13:54 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.09 20:13:54 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.09 20:13:54 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.09 20:13:54 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.09 20:09:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 20:09:09 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 01:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 01:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-277113493-306563280-2322027683-1000UA.job
[2012.10.08 23:49:09 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-277113493-306563280-2322027683-1000Core.job
[2012.10.08 21:22:53 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.08 21:22:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.07 23:30:33 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.07 23:28:57 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.05 19:54:29 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.05 19:54:28 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.05 19:54:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.05 19:54:27 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.05 19:54:27 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.10.05 19:54:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.05 19:42:23 | 000,007,654 | ---- | M] () -- E:\AppData\Local\resmon.resmoncfg
[2012.10.03 20:01:44 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.10.02 22:55:57 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.01 19:23:46 | 005,123,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.26 22:38:58 | 000,011,776 | ---- | M] () -- E:\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.25 22:36:45 | 000,001,146 | ---- | M] () -- E:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.22 17:07:51 | 000,001,456 | ---- | M] () -- E:\AppData\Local\Adobe Für Web speichern 13.0 Prefs

========== Files Created - No Company Name ==========

[2012.10.07 23:28:57 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.10.07 23:28:57 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.07 23:21:41 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.10.03 20:01:44 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.28 19:01:54 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012.09.25 22:36:45 | 000,001,146 | ---- | C] () -- E:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.22 15:44:32 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012.09.14 17:21:44 | 000,001,840 | ---- | C] () -- E:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.08.28 18:46:12 | 000,000,132 | ---- | C] () -- E:\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.06.20 00:13:51 | 000,001,456 | ---- | C] () -- E:\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.06.12 19:17:17 | 000,011,776 | ---- | C] () -- E:\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.21 18:20:03 | 000,001,264 | RHS- | C] () -- C:\Users\Alexej\ntuser.pol
[2012.03.28 01:04:48 | 000,007,654 | ---- | C] () -- E:\AppData\Local\resmon.resmoncfg
[2012.01.26 20:48:44 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.01.24 20:37:57 | 000,000,132 | ---- | C] () -- E:\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.13 18:07:12 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011.12.27 23:15:21 | 000,000,132 | ---- | C] () -- E:\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.11.13 16:57:08 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.11.13 16:57:00 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.11.13 16:57:00 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.11.08 00:46:33 | 000,000,010 | ---- | C] () -- C:\ProgramData\.93067BD7-6BGG-312E-86F3-566EB31BBC4E
[2011.11.08 00:46:33 | 000,000,010 | ---- | C] () -- E:\AppData\Local\.56C369H5-8CEH-20F1-75G2-452FC2FCCD50
[2011.11.04 23:28:20 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.04 20:49:54 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.11.04 20:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.23 08:56:16 | 004,738,560 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.09.25 18:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.12 17:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.04 15:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.09.01 19:47:26 | 000,001,456 | ---- | C] () -- E:\AppData\Local\Adobe Für Web speichern 12.0 Prefs

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 09.10.2012 20:37:04 - Run 3
OTL by OldTimer - Version 3.2.70.2 Folder = E:\Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,84% Memory free
9,86 Gb Paging File | 7,36 Gb Available in Paging File | 74,64% Paging File free
Paging file location(s): c:\pagefile.sys 6000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,97 Gb Total Space | 129,12 Gb Free Space | 44,07% Space Free | Partition Type: NTFS
Drive E: | 303,10 Gb Total Space | 115,64 Gb Free Space | 38,15% Space Free | Partition Type: NTFS

Computer Name: ALEXEJ-PC | User Name: Alexej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F05E34-31FF-45A9-BF3E-99A8F8886E74}" = rport=138 | protocol=17 | dir=out | app=system |
"{0AF7A603-D4F4-425B-B94D-0069D63BECFA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C963316-AA01-4430-8A17-C0903CA5F822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26230D9A-AA5C-47DB-894A-886D8B470951}" = rport=137 | protocol=17 | dir=out | app=system |
"{39D3CAFD-0986-4922-98CE-CDE843AAA449}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C81A738-B69A-4609-A66C-7D40FBD0597D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{40D710D6-52EE-40C6-9236-87A7871C71B1}" = rport=139 | protocol=6 | dir=out | app=system |
"{6B1E33FC-382F-4660-A0CA-2D98707D56A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{782046AA-BD34-48B2-B3B7-37D19F79BA68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A2EF394-6142-45B5-9AFD-4C1575E09886}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9D43EB7C-33C5-44A1-845C-F5FDD22DB248}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B407FCBA-1F9E-480D-B4D7-1A5305769ABC}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4D44AA1-79FE-4C52-9D0D-DC722E40880A}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8358A18-4A74-43EC-8D70-BD1FC39E08D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF5C0903-803B-4D38-9948-5E80F8AF37DF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF012D16-D58F-43B4-8FF0-590E0014E944}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3C731CF-5A6B-402C-B711-9DC57350FDD5}" = lport=139 | protocol=6 | dir=in | app=system |
"{E4EBC0C1-BC84-4EC2-A52B-0E056D1293CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8AFB130-AFBE-4144-A773-0FB45833C11C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F09FD322-27DD-49BC-99E9-7FDF146AC18E}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD6FAE7A-B6F2-4701-B61E-51871D7B6778}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012400B3-D07E-43FF-A3A2-F0CE1F208AD1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{02447779-50AD-4B70-B064-FB6CA8D30C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08834A61-506E-4680-B5F5-3CC60B14F1D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{0D0A05CC-BAA7-4038-A6D2-1BD4131659DB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1B7663C6-8D97-411F-80A6-9A2D0CB97BE3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1DE3B6DE-CC1F-40D7-A7D4-A795F86AD09C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1FC71E2C-26B4-46FF-8951-19EF20BEA04F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23D77C7C-BA2A-4E04-B58B-8FCE20ED4712}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2936F37C-39DB-4216-9F8D-77C016F916AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{36ACC59C-3414-49AB-BD06-ABFAC50D36B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A27F700-044C-4A82-85F2-75E2F9D326AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F3430AE-FA01-46D5-9E01-51D0ACEA28D7}" = protocol=6 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe |
"{4BC18EF0-AF54-401E-9210-D6163FE40439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B069FB0-6C39-4C30-AF64-4FD8BA66A87C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C28AEBB-5782-4562-9933-3AEC436DBB08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6440B556-87F6-45B4-83FB-FE0E7E5BEF11}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6848DDC1-6FE5-451C-9A85-291C1A447F49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7A24FCC7-6B1D-42B4-886C-D4AB9164EAE4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{875C2BDE-F633-429F-BC21-591026E47B8A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8AD350DC-E411-4F51-B989-B4621AB23F61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C696730-5124-44B1-BDF6-4E858CEB589D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E33A0F5-3571-4D78-8A2F-44472C40482A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EE424FD-6425-4F2F-897F-3BE553A1E1ED}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9260A74C-166B-4B6F-9B25-648A3FD6CCB8}" = protocol=6 | dir=out | app=system |
"{9AB05F74-F714-413F-BCF0-AC964C00A087}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{9C27E89D-DB9B-4A05-9017-DA1DD081EE13}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9EE80AB3-B918-46E1-86B8-A7D0F2CFF6C1}" = protocol=17 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe |
"{AD5DE146-4408-4D98-A3C5-F38E220912A6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B3A8261F-F732-46C7-9B37-887B215F2045}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BA0B5BEC-ABB8-4771-AADE-C12B2F0C10F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC06FC15-51D4-4899-955E-320E25F64639}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC64EED0-3FAD-46ED-9718-3F5160341AA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD365CED-3369-4ECC-90AD-F243DB52B692}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDE53C72-4A67-45A9-BF2C-7EF072173C24}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BE027EA0-C75D-42E1-8C6B-3BBDE992C942}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C33E1405-7D92-4C00-A4CE-852665D54DAD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4036A9C-A86E-4305-BE4C-0E90625FECA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CB09767A-C30C-4ED6-8AA3-6781C019A260}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F4560B69-FD96-43CB-AC5D-3FA075346DA4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7E152CC-9702-432F-B273-EFF7DA1D657A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F97EFA76-1499-49FD-905A-C1AEEFF0CC73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FADF99D0-69A0-4CFA-A18C-9C197C228CB5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FC14C0E5-B74C-477D-8A60-021016D8EC81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF74CD61-71F1-4BC5-806A-79501EAA70A2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0320E995-1833-428B-BB1F-DB512FCF1A09}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{11BAAE94-5226-47E1-8ABB-EFE34933AC3E}C:\program files (x86)\adobe\adobe flash cs6\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs6\flash.exe |
"TCP Query User{20CF0B86-3D48-4ADF-B8B6-AFC2230FEBD2}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{2ADFDED0-77E4-4711-90D2-1D1F6D1287BB}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{4FCAF3F8-C4C3-4C86-A543-7C0B9DE38B27}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{676ABCE0-B5D0-469B-8AE2-434ED17E28B1}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{8E74AA42-F6B7-43DE-A0B2-2C1FAF0BA56C}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"TCP Query User{924D5A61-1557-4435-ABF7-C1BB30D4375C}C:\program files\sublime text 2\sublime_text.exe" = protocol=6 | dir=in | app=c:\program files\sublime text 2\sublime_text.exe |
"TCP Query User{9EB2403F-99EA-43A1-A9E0-9C6BE4BDD0CB}C:\program files\java\jre7\launch4j-tmp\fire-app.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\fire-app.exe |
"TCP Query User{B755F6A7-0C64-4B0E-A42B-B4119409BC31}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{B86DA915-3243-4994-9B91-E4D756F3A93F}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"TCP Query User{C1253740-5FA3-4E84-95BF-39076D311086}E:\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{CA1E147F-238B-4D52-B15F-D10554606268}E:\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=e:\appdata\roaming\spotify\spotify.exe |
"TCP Query User{DB9E69CF-B533-4A50-A441-10F541F92FCC}E:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=e:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"TCP Query User{F5C882DF-191C-4DBE-B66E-41240F40BC74}C:\users\alexej\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\alexej\appdata\local\temp\gw2.exe |
"TCP Query User{FB7AF3CA-6C65-466F-A6AD-D1E6AC53B143}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{195964C5-A588-4E02-9242-DA6138B7CCCC}C:\program files (x86)\adobe\adobe flash cs6\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs6\flash.exe |
"UDP Query User{4BBB4E10-93C6-432D-AE1A-6DB86E7C39F6}C:\program files\sublime text 2\sublime_text.exe" = protocol=17 | dir=in | app=c:\program files\sublime text 2\sublime_text.exe |
"UDP Query User{668CA28B-5690-4624-BEB5-40D15BCF93A0}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"UDP Query User{75E7BB40-AECD-48A4-A847-44C769059BF3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{84DAF44C-3561-456A-86E7-878FC4A3249C}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"UDP Query User{8EC0486E-E60D-4BFE-9D86-08A02BC193C0}E:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=e:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"UDP Query User{A44CAEC3-CF83-4253-90D8-AB5A21CD697B}C:\program files\java\jre7\launch4j-tmp\fire-app.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\fire-app.exe |
"UDP Query User{C6C69E19-91CD-4820-A992-825F3BDCB890}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{CA824DCE-F95E-495F-B744-EFA4BC0596DF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{E49DB278-8C13-4A3D-84EB-C4DF14ACCDB0}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{EB8CCEFD-373C-411C-A8D7-697865D6B763}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{ECDF9493-9DC8-4B68-9916-D70FE9330F87}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{F88D2BBF-93D7-44A0-A626-E404F6D5BDB7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FAEF02D7-3E08-460B-A597-4EA6636E8EC5}C:\users\alexej\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\alexej\appdata\local\temp\gw2.exe |
"UDP Query User{FDA41DC9-3479-4CD1-AFBD-2B78F65EDFCF}E:\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=e:\appdata\roaming\spotify\spotify.exe |
"UDP Query User{FECEB64F-BEC4-4B51-81E8-A400694A8C19}E:\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF1445AC-106C-4A8F-B344-11870D57413C}" = Node.js "CCleaner" = CCleaner "Defraggler" = Defraggler "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SP6" = Logitech SetPoint 6.32 "Sublime Text 2_is1" = 
Sublime Text 2.0.1 "TeraCopy_is1" = TeraCopy 2.27 "Unlocker" = Unlocker 1.9.1-x64 "Wacom Tablet Driver" = Wacom Tablett "Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.21.93 "WinRAR archiver" = WinRAR 4.00 (64-Bit) "x64 Components_is1" = x64 Components v3.2.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.0 "{24BAF91E-4A03-455C-88F7-BF2457F98347}_is1" = basICColor display 4.1.20 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool "{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch "{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek "{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish "{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4 "{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian "{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = 
Microsoft_VC90_MFC_x86 "{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese "{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French "{7EDF4F60-E41A-4D55-8400-A633443C0065}" = QTTabBar 1.5.0.0 Beta 2 "{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common "{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional "{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = Catalyst Control Center "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard "{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AD0F13E2-0554-454C-83AD-0D19291FE924}" = Extensis Suitcase Fusion 3 "{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean 
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD "{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0 "{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish "{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection "{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2DDDE93-4AA2-3116-3985-57CCFF4F804C}" = Adobe® Content Viewer "{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "1Password_is1" = 1Password 1.0.9.299 "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.2.3 "Android SDK Tools" = Android SDK Tools "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.dmp.contentviewer" = Adobe® Content Viewer "com.adobe.WidgetBrowser" = Adobe Widget Browser "DAEMON Tools Lite" = 
DAEMON Tools Lite "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp Music Converter" = dBpoweramp Music Converter "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "FileHippo.com" = FileHippo.com Update Checker "Fraps" = Fraps "GalaxyNexusToolKit740" = Galaxy Nexus ToolKit "Guild Wars 2" = Guild Wars 2 "i1_driver_installer_utility_is1" = i1_driver_installer_utility version 1.0 "i1_driver_installer_wizard_is1" = i1_driver_installer_wizard version 1.0 "InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Miranda IM" = Miranda IM 0.10.2 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Mp3tag" = Mp3tag v2.49a "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PowerISO" = PowerISO "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2 "Revo Uninstaller" = Revo Uninstaller 1.93 "Secunia PSI" = Secunia PSI (3.0.0.4001) "Steam App 28050" = Deus Ex: Human Revolution "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 2.0.2 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WampServer 2_is1" = WampServer 2.2 "Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.09.2012 
10:20:31 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c30 Startzeit: 01cd9666fd9734a7 Endzeit: 40 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 298e3dcc-0265-11e2-b133-0023542a21ba

Error - 19.09.2012 12:46:49 | Computer Name = Alexej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_wcncsvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c96e Ausnahmecode: 0xc0020043 Fehleroffset: 0x000000000008a973 ID des fehlerhaften Prozesses: 0x12b4 Startzeit der fehlerhaften Anwendung: 0x01cd968469bf2f66 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll Berichtskennung: 9ac51fb3-0279-11e2-971b-0023542a21ba

Error - 26.09.2012 12:55:05 | Computer Name = Alexej-PC | Source = TabletServiceWacom | ID = 1
Description =

Error - 29.09.2012 10:42:31 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 63c Startzeit: 01cd9e508a603168 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:

Error - 29.09.2012 11:39:07 | Computer Name = Alexej-PC | Source = VSS | ID = 22
Description =

Error - 29.09.2012 11:39:07 | Computer Name = Alexej-PC | Source = VSS | ID = 8193
Description =

Error - 03.10.2012 14:18:41 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f3c Startzeit: 01cda192155717a8 Endzeit: 35 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: befeda8f-0d86-11e2-81e1-0023542a21ba

Error - 05.10.2012 14:18:18 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ecc Startzeit: 01cda325aea20bad Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 05a5a09c-0f19-11e2-b7f1-0023542a21ba

Error - 06.10.2012 11:55:50 | Computer Name = Alexej-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.10.2012 09:31:35 | Computer Name = Alexej-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 25.04.2012 12:20:48 | Computer Name = Alexej-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unbekannter Fehler Reason: %%842

Error - 02.05.2012 16:45:18 | Computer Name = Alexej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error - 02.05.2012 16:45:19 | Computer Name = Alexej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error - 02.05.2012 16:45:19 | Computer Name = Alexej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error - 06.05.2012 12:50:10 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 06.05.2012 12:50:10 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

Error - 06.05.2012 12:52:47 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 06.05.2012 12:52:47 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

Error - 07.05.2012 12:59:30 | Computer Name = Alexej-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1266.0 Update Source: %%859 Update Stage: %%854 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 16.05.2012 13:45:24 | Computer Name = Alexej-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{604E0092-F9A6-4C99-A0DF-E9C78BCCFE48} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

< End of report >
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexej :: ALEXEJ-PC [Administrator]

06.10.2012 20:02:08
mbam-log-2012-10-06 (20-02-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234377
Laufzeit: 6 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Alexej\AppData\Local\Temp\NODBC0D.tmp (Trojan.FakeAlert) -> 2072 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Alexej\AppData\Local\Temp\NODBC0D.tmp (Trojan.FakeAlert) -> Löschen bei Neustart.

(Ende)
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexej :: ALEXEJ-PC [Administrator]

06.10.2012 20:23:26
mbam-log-2012-10-06 (20-23-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234164
Laufzeit: 12 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
10.10.2012, 08:44 | #2
/// Malwareteam | Please download CKScanner. Important: save the file to the desktop.
10.10.2012, 20:46 | #3
Hello, thanks for the reply. Here is the result: Code:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\jdownloader\jd\plugins\hoster\crackedcom.class
scanner sequence 3.LB.11.BTNAEX
----- EOF -----
11.10.2012, 06:30 | #4
/// Malwareteam | Quote:
Merely visiting sites that offer these files for download carries a high risk of infection. When you run the crack, you are running an executable from a very dubious source. The code of that file can contain anything (e.g. downloading and executing malware files). This is one of the main causes of infections. Besides, cracks, keygens, etc. are illegal, and that is just as much theft as in a shop. That is why we have agreed: if we find evidence of illegally obtained software, we will end support without any discussion. Our help for you is therefore limited to instructions for reinstalling and securing the system.
11.10.2012, 07:59 | #5
Dear Psychotic, my girlfriend also uses the computer now and then (more often in the past than now), and if I looked it up correctly on Google, KMS has something to do with Office, which she installed on my machine about a year ago (according to her) as a trial version because she apparently needed it for university. Since I don't use it, I have no idea whether it really was a trial version. Dreamweaver cannot be cracked at all, because I had to buy it for work (together with the entire Master Collection); if you want, I can even send you the receipt for it. So I would be very grateful if you could keep helping me and not judge me right away.