
Log analysis and evaluation: Bundespolizei trojan 2.07 (on Windows 7)


 
17.11.2012, 23:21   #1
via75
 
Bundespolizei trojan 2.07 (on Windows 7)



Hi,

yesterday the Bundespolizei trojan, version 2.07, took hold on my machine. After quite a bit of research, I was able to unlock my computer again with Kaspersky WindowsUnlocker.

Fortunately, no files were encrypted.

Today I ran a Malwarebytes scan for 6 hours, which showed me 24 files as infected. I then deleted them (only later did I read somewhere here that I should have placed the files in quarantine).

The computer gives the "appearance" of having gotten over the first "cold". What puzzles me now, though: I can install avast professional, but I cannot run it after the restart.

I hope someone can help me get the computer clean again.
Or should I rather reinstall the computer from scratch right away?

Best regards
Oli


OTL.txt
Code:
OTL logfile created on: 17.11.2012 22:43:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\im-med\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,30 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 57,43% Memory free
4,60 Gb Paging File | 3,27 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,99 Gb Total Space | 155,72 Gb Free Space | 54,64% Space Free | Partition Type: NTFS
 
Computer Name: im-medi | User Name: im-med | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.17 22:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe
PRC - [2012.11.12 17:03:55 | 006,610,592 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012.09.30 12:01:09 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.05 14:24:24 | 000,714,120 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2011.01.05 14:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011.01.05 14:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010.04.05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2009.11.16 19:31:58 | 000,069,632 | ---- | M] () -- C:\Programme\PSPad editor\PSPadShell.dll
MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecptp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.29 12:20:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.01 12:25:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.10 17:57:18 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.05 14:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012.09.30 12:01:17 | 000,520,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2012.09.30 11:54:13 | 009,945,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.26 13:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.21 11:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.08.21 11:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.13 12:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.09.17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.29 16:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 16:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 12:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.10.09 12:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 12:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 6C A8 21 F6 9E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\im-med\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\im-med\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.09.30 11:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.17 22:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 12:20:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 12:20:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.09.30 15:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Extensions
[2012.11.02 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions
[2012.10.13 20:12:31 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.09.30 21:47:25 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.11.02 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\trash
[2012.11.02 08:40:27 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.11 09:07:05 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.09.30 21:47:25 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012.09.30 21:47:26 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.10.26 09:03:34 | 002,042,937 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\trash\firebug@software.joehewitt.com.xpi
[2012.10.29 12:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.29 12:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.29 12:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.29 12:20:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\im-med\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Google Mail = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.10.01 12:21:38 | 000,001,304 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\im-med\AppData\Roaming\Mozilla\Firefox\Profiles\367h1v77.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [{896FA599-5F89-AD42-B1F4-CEF0A900EDED}] "C:\Users\im-med\AppData\Roaming\Albea\samyh.exe" File not found
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A4E9AF-6E8F-42C6-B0FE-DD0505DF217D}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FEE007D-B489-49D7-B545-969B938158D4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f690a86d-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f690a86d-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f690a92b-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell - "" = AutoRun
O33 - MountPoints2\{f690a92b-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 22:28:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe
[2012.11.17 22:21:48 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.11.17 22:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.11.17 22:21:46 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.11.17 22:21:38 | 000,113,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.11.17 22:21:01 | 000,202,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.11.17 22:20:59 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.11.17 22:20:57 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.11.17 22:20:56 | 000,018,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.11.17 22:20:54 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.11.17 22:20:50 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.11.17 22:19:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.11.17 22:19:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.17 22:19:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.11.17 13:57:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Malwarebytes
[2012.11.17 13:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.17 13:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.17 13:57:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.17 13:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.16 21:20:40 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Canneverbe Limited
[2012.11.16 21:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.11.16 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012.11.14 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Kreditkarte - Atlassian
[2012.11.14 15:22:10 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Leadmanufaktur
[2012.11.14 11:04:46 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
[2012.11.14 11:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2012.11.14 11:04:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\Application Data
[2012.11.14 11:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\XMind
[2012.11.13 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\im-med\Documents\#Companies
[2012.11.04 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\im-med\Documents\_Privat
[2012.11.04 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.11.04 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\WindSolutions
[2012.11.04 19:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.11.04 19:09:26 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Moka
[2012.11.04 19:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTwin
[2012.11.04 19:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTwin
[2012.11.02 10:37:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\GMX
[2012.11.02 10:37:25 | 000,086,016 | ---- | C] (GMX GmbH) -- C:\Windows\System32\UIGMXMON.DLL
[2012.11.02 10:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX
[2012.11.02 10:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\GMX
[2012.11.02 10:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\GMX
[2012.10.29 12:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.24 13:31:03 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Smooth_Arrows_by_Limoli.csh
[2012.10.24 11:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.24 11:25:01 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.10.24 11:07:05 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.17 22:49:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4229072982-2054732327-2107518541-1000UA.job
[2012.11.17 22:40:20 | 000,000,000 | ---- | M] () -- C:\Users\im-med\defogger_reenable
[2012.11.17 22:32:19 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 22:32:19 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 22:31:55 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.17 22:31:55 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.17 22:31:55 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.17 22:31:55 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.17 22:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe
[2012.11.17 22:24:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.17 22:24:16 | 1853,136,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.17 22:21:48 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.17 22:20:50 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.17 20:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4229072982-2054732327-2107518541-1000Core.job
[2012.11.17 13:58:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 12:56:48 | 002,338,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 21:20:33 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.15 10:35:20 | 000,003,849 | ---- | M] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check_dbf.eig
[2012.11.15 09:45:20 | 000,004,214 | ---- | M] () -- C:\Users\im-med\Desktop\xmregs  Report_raffle  Details_20121115.csv
[2012.11.12 11:58:31 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.04 19:17:25 | 000,001,441 | ---- | M] () -- C:\Users\im-med\Desktop\CopyTrans Control Center.lnk
[2012.11.04 19:09:19 | 000,000,929 | ---- | M] () -- C:\Users\im-med\Desktop\iTwin.lnk
[2012.10.30 13:00:59 | 000,131,284 | ---- | M] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check.DBF
[2012.10.30 11:48:33 | 000,002,657 | ---- | M] () -- C:\Users\im-med\Desktop\adcell_stornos_20121030.csv
[2012.10.24 18:51:10 | 000,386,556 | ---- | M] () -- C:\Users\im-med\Desktop\Tobias Herrmann _ XING Kontakte.pdf
 
========== Files Created - No Company Name ==========
 
[2012.11.17 22:40:20 | 000,000,000 | ---- | C] () -- C:\Users\im-med\defogger_reenable
[2012.11.17 22:21:48 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.17 13:57:08 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 12:46:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 12:45:19 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 21:20:33 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.11.16 21:20:32 | 000,001,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.11.15 09:45:15 | 000,004,214 | ---- | C] () -- C:\Users\im-med\Desktop\xmregs  Report_raffle  Details_20121115.csv
[2012.11.04 19:17:25 | 000,001,441 | ---- | C] () -- C:\Users\im-med\Desktop\CopyTrans Control Center.lnk
[2012.11.04 19:09:19 | 000,000,929 | ---- | C] () -- C:\Users\im-med\Desktop\iTwin.lnk
[2012.10.30 11:47:07 | 000,002,657 | ---- | C] () -- C:\Users\im-med\Desktop\adcell_stornos_20121030.csv
[2012.10.30 11:13:11 | 000,003,849 | ---- | C] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check_dbf.eig
[2012.10.30 11:10:22 | 000,131,284 | ---- | C] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check.DBF
[2012.10.24 18:51:04 | 000,386,556 | ---- | C] () -- C:\Users\im-med\Desktop\Tobias Herrmann _ XING Kontakte.pdf
[2012.10.01 14:20:09 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2012.10.01 14:20:07 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.01 14:20:07 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5270DN.DAT
[2012.10.01 14:18:13 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI
[2012.10.01 14:06:56 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.10.01 13:27:13 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.10.01 13:25:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.10.01 11:58:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2012.10.01 11:58:10 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2012.10.01 11:58:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2012.10.01 11:58:09 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2012.10.01 11:58:09 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2012.10.01 11:57:33 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2012.10.01 11:57:33 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2012.10.01 11:57:33 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2012.10.01 11:57:33 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2012.10.01 11:57:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2012.10.01 11:57:33 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2012.10.01 11:57:33 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2012.10.01 11:57:33 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2012.10.01 11:57:33 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2012.10.01 11:57:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
[2012.10.01 11:57:33 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
[2012.10.01 11:57:33 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2012.10.01 11:57:33 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2012.10.01 11:57:33 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2012.10.01 11:57:33 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2012.10.01 11:57:33 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2012.10.01 11:57:33 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2012.10.01 11:57:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2012.10.01 11:57:33 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2012.10.01 11:57:33 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2012.10.01 11:57:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2012.10.01 11:57:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2012.10.01 11:57:26 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll
[2012.10.01 11:57:26 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll
[2012.10.01 07:25:20 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.09.30 12:18:25 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012.09.30 12:02:10 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011.01.11 20:41:30 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011.01.11 20:41:28 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.01.11 20:41:28 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011.01.11 20:09:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.01.11 20:06:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.17 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Albea
[2012.09.30 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Bytemobile
[2012.11.16 21:20:40 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Canneverbe Limited
[2012.11.05 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\FileZilla
[2012.10.02 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\FireShot
[2012.11.02 10:37:31 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\GMX
[2012.11.04 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Moka
[2012.10.24 11:25:02 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\pdfforge
[2012.09.30 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Vodafone
[2012.09.30 11:27:00 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Vodafone Mobile Connect
[2012.11.04 19:39:21 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt

Code:
OTL Extras logfile created on: 17.11.2012 22:43:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\im-med\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,30 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 57,43% Memory free
4,60 Gb Paging File | 3,27 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,99 Gb Total Space | 155,72 Gb Free Space | 54,64% Space Free | Partition Type: NTFS
 
Computer Name: im-medi | User Name: im-med | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009F7B72-A330-48C9-85D1-60AFD5DE52AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{086BFEEF-C93C-497C-9437-227486795D0E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0999BB4A-7D4F-4B89-8D1D-C1265DE3F719}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13B7AFB5-8479-4BB2-8EBC-EDAA36BF3C55}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{1FD09251-B030-4AF8-B9C9-DF722D8450ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2177F39A-5C20-4582-8874-A6DDB12F6F3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{230FE251-99BC-42A6-9401-7D8FA63A44D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34AE78C5-1DEB-4BB6-896C-C40CEDBA4FA6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35352748-6F7A-4023-A48D-E80026819A89}" = rport=139 | protocol=6 | dir=out | app=system | 
"{429162CD-CB76-4DB0-9A36-CC04DA5C200D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4CC11F06-62AF-4745-85FD-D1FC6ACEAAFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60A24E71-91F3-4668-B1C4-D6EF65EBC3B4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{618B6DDB-D1D3-4B40-B7D0-4351C924F8C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{684DBBF6-4C64-4634-8207-E81EBACB0571}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6FE9E805-8B4F-4B9C-82E0-FFC6A60E9686}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{719EDAEE-5B4B-4EE3-827D-0ED0D34E9EEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7418BE61-8611-478B-BBDB-36D0E7250880}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{95020FDF-545D-49BD-A1FD-92FA3C945D31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5496FF9-0430-418D-8671-E1B3DFF21AD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{AF49D643-17F5-414A-A257-C8CA2752AEA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C366341D-2B46-44A4-ACBF-94C3F914EDDE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C501AB6D-7E79-41A1-978F-A03F6655F408}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6B019A6-E3C6-496F-BF1E-4CFA0408546A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FA15B0B8-3C62-470A-AE1C-211EBDB1004F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FFB4665D-75B5-4C47-83C7-D50F7A840E94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0842BBE2-A663-4B05-A20A-C0880A005B37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B078D9D-3907-48AF-A459-5FF5785C4496}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{0C5C935A-AB1C-4F8B-A36D-0F62201AD41A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1104325E-4DA8-4D43-9E4E-0534E42A7693}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1F73A9DC-F2B9-4955-A989-1D0EE7B743A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A9AE2E2-3658-471A-BFBE-61BDE3DD0DFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{30B929C7-8A1F-4E1E-BB4A-B191272B54B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C324557-D38D-41A5-9441-8EC21B9E0A73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3DDA006C-401E-4626-A8DE-58E9AABCB30A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C36D7AC-B902-4F82-B94A-1D022AD759DE}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{7A053C22-22E6-4037-8B92-DF4E49A5F7F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EF13B66-E933-449D-A81E-3936C23E47E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{930859CF-8287-4AB9-B366-F792F47E626E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9BF41D3B-C7D1-47B5-B7FF-C485396CED78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C915439-9EA8-44A0-AE2D-3A4F0EEDD3FB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A7F5319F-F10F-47BD-BDCF-7B5C5A0DB827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9D05464-1F41-4A9D-8A46-1D1601D3B012}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B36BB1EB-8F0D-4B11-B67E-E0581E51C7C1}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{B7860D1F-1892-4227-B0E6-188832512744}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA69FDD3-12CA-4ADB-88E3-F5AF3ADF5796}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D27A7749-39F6-4940-BDCC-4FB16ACB4851}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{D93631C9-1DE1-483C-8FC1-BF1AADDCC0B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE59B111-2250-4C8B-A74B-F7F4AF20A8DC}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{DF577650-10A1-40D2-A0EC-906955C1ACBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E025B650-3217-46D7-8AB1-1156215E7B23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F13D36AB-3E63-4F9A-B96F-A823CEBB41C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2ABEAEB-F58C-40DE-AC69-FDCE0E09B2A5}" = protocol=6 | dir=out | app=system | 
"{F346281D-D03C-4527-9586-E206B521003C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F625D04A-71C7-4D68-8DE1-50A6D52C8FBE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{BC62F20F-922E-4C6F-A435-83288A008206}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BEBD938C-906E-4448-A2D8-87A73634E864}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D6D26B2D-EAA7-47D9-85DE-7220FC75E5AA}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{E6288DD0-5B3B-42B0-8C55-B31BD2D7AC75}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{E804E58F-1F43-40DC-B30C-EAFCF3D7D1FF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{31AEDA06-A4F7-4BE9-B1C4-6FD1FAFBAA0C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{3EAF3749-795E-4BFA-B2B7-4F745D090AC5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{66287A91-A075-4BA9-BE56-8AD767D8CEA3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{7C7A55AF-BCEA-4361-B41B-D33BF4FA7816}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B4AA90C4-0BF2-4CC7-8069-7EA06CBA6F29}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.11
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"AnyDVD" = AnyDVD
"avast" = avast! Internet Security
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FileZilla Client" = FileZilla Client 3.5.3
"GMX ProfiFax" = GMX ProfiFax
"iTwin_is1" = iTwin 3.3 Final
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"MailCom Adressen-Tools 7.0" = MailCom Adressen-Tools 7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"PSPad editor_is1" = PSPad editor
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.3
"XMind" = XMind
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2012 13:15:30 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1632737
 
Error - 17.11.2012 13:15:30 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1632737
 
Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 455538
 
Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 455538
 
Error - 17.11.2012 15:41:22 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.11.2012 16:11:16 | Computer Name = im-medi | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 17.11.2012 17:05:44 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.11.2012 17:15:42 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.11.2012 17:24:49 | Computer Name = im-medi | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 17.11.2012 17:15:35 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.11.2012 17:15:47 | Computer Name = im-medi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
Error - 17.11.2012 17:21:58 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 avast! Antivirus erreicht.
 
Error - 17.11.2012 17:21:58 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 17.11.2012 17:24:40 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 avast! Antivirus erreicht.
 
Error - 17.11.2012 17:24:40 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7002
Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 17.11.2012 17:24:53 | Computer Name = im-medi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
 
< End of report >
         

 
