|
Plagegeister aller Art und deren Bekämpfung: Claro Search eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.11.2012, 15:38 | #1 |
| Claro Search eingefangen hallo, auch ich habe mir Claro Search eingefangen und würde mich freuen, wenn Ihr mir helfen könntet. Danke |
28.11.2012, 08:15 | #2 |
/// the machine /// TB-Ausbilder | Claro Search eingefangen Hi,
__________________Downloade Dir bitte AdwCleaner auf deinen Desktop.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s %windir%\installer\*. /5 %localappdata%\*. /5 CREATERESTOREPOINT
__________________ |
28.11.2012, 10:11 | #3 |
| Claro Search eingefangen Hallo Schrauber,
__________________hab heute früh noch ein Thema erstellt. Siehe http://www.trojaner-board.de/127597-...hmgelegt.html. Da habe ich auch schon logs erstellt, die die in der Anleitung gefordert sind, bevor man ein Thema erstellt. Neu habe ich jetzt nochmal adwcleaner und otl laufen lassen. Ich schicke Dir jetzt mal die adwCleaner.txt. und die OTL.txt neu. Die extras.txt ist nicht neu erzeugt worden. Ich habe die von gestern angehängt. Vielen Dank schonmal. ChrissiD adwcleaner.txt Code:
ATTFilter # AdwCleaner v2.009 - Datei am 28/11/2012 um 09:27:09 erstellt # Aktualisiert am 24/11/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : *** - GGLBUERO # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s1f9s1h5.default\searchplugins\11-suche.xml Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKU\S-1-5-21-1624048245-291931411-889609081-1146\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s1f9s1h5.default\prefs.js C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s1f9s1h5.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search"); Gelöscht : user_pref("browser.search.order.1", "Claro Search"); Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP[...] Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=471[...] Gelöscht : user_pref("extensions.claro.admin", false); Gelöscht : user_pref("extensions.claro.aflt", "babsst"); Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); Gelöscht : user_pref("extensions.claro.dfltLng", "en"); Gelöscht : user_pref("extensions.claro.excTlbr", false); Gelöscht : user_pref("extensions.claro.id", "4aaaddfe000000000000002618183731"); Gelöscht : user_pref("extensions.claro.instlDay", "15666"); Gelöscht : user_pref("extensions.claro.instlRef", "sst"); Gelöscht : user_pref("extensions.claro.prdct", "claro"); Gelöscht : user_pref("extensions.claro.prtnrId", "claro"); Gelöscht : user_pref("extensions.claro.tlbrId", "irhnew"); Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10"); Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10"); Gelöscht : user_pref("extensions.claro_i.smplGrp", "none"); Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1015:40:07"); Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=KW_ss&mntrId=4a[...] Profilname : default Datei : C:\Users\Verwalter\AppData\Roaming\Mozilla\Firefox\Profiles\9vy9eqh7.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v11.60.1185.0 Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\SerendataVerwalter\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [5048 octets] - [28/11/2012 09:27:09] ########## EOF - C:\AdwCleaner[S1].txt - [5108 octets] ########## OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.11.2012 09:46:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 58,11% Memory free 6,50 Gb Paging File | 5,09 Gb Available in Paging File | 78,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 382,46 Gb Free Space | 82,13% Space Free | Partition Type: NTFS Computer Name: GGLBUERO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe PRC - [2012.10.28 13:12:17 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.11 14:58:48 | 001,223,680 | ---- | M] (Toggl) -- C:\Programme\Toggl\TogglDesktop\TogglDesktop.exe PRC - [2012.03.26 16:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.03.07 20:36:13 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) -- C:\PurgeIE\PurgeIE_Service.exe PRC - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe PRC - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.17 23:04:04 | 006,862,336 | ---- | M] (Global IP Telecommunications Ltd.) -- C:\Programme\NinjaLite\NinjaLite\NinjaLi.exe PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.10.19 23:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.03.30 15:00:56 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe ========== Modules (No Company Name) ========== MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll MOD - [2012.10.28 13:11:42 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.01.13 12:49:04 | 001,093,646 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avcodec-53.dll MOD - [2012.01.13 12:49:04 | 000,184,846 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avformat-53.dll MOD - [2012.01.13 12:49:04 | 000,117,262 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avutil-51.dll MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.10.19 23:11:20 | 000,101,128 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\CrashRpt.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2007.08.13 15:46:00 | 001,253,376 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbis.dll MOD - [2007.08.13 15:46:00 | 001,032,192 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbisenc.dll MOD - [2007.08.13 15:46:00 | 000,102,400 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbisfile.dll MOD - [2007.08.13 15:46:00 | 000,061,440 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\ogg.dll ========== Services (SafeList) ========== SRV - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.10.28 13:12:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 10:26:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 16:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.03.07 20:36:13 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) [Auto | Running] -- C:\PurgeIE\PurgeIE_Service.exe -- (PurgeIEservice) SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.22 17:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2011.09.22 17:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011.06.18 13:28:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.23 04:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012.03.20 19:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2011.06.18 12:44:43 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010.11.20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010.11.20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010.11.20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 8C 54 CE 0B 4B CA 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{FBA214B9-5BF0-438A-BBD8-78C1EBB80D48}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: beta@linkdiagnosis.com:2.3.6 FF - prefs.js..extensions.enabledAddons: check4change-owner@mozdev.org:1.9.3 FF - prefs.js..extensions.enabledAddons: morningCoffee@shaneliesegang:1.35 FF - prefs.js..extensions.enabledAddons: sitedelta@schierla.de:0.13.1 FF - prefs.js..extensions.enabledAddons: yslow@yahoo-inc.com:3.1.4 FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6 FF - prefs.js..extensions.enabledAddons: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.5.5 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.10 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2 FF - prefs.js..extensions.enabledAddons: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.41 FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3 FF - prefs.js..extensions.enabledAddons: firequery@binaryage.com:1.3 FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2011.06.18 12:52:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.11.22 15:30:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 15:40:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.07 16:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.11.23 07:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions [2012.11.21 08:16:39 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.08.24 10:01:21 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.08.01 11:20:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.02.17 09:20:32 | 000,066,808 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\beta@linkdiagnosis.com.xpi [2012.05.14 08:17:12 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\check4change-owner@mozdev.org.xpi [2012.11.02 14:58:49 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.08 13:28:32 | 000,106,668 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\firequery@binaryage.com.xpi [2012.01.10 16:56:12 | 000,107,019 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\morningCoffee@shaneliesegang.xpi [2012.11.02 14:58:46 | 000,347,040 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\senseo@nicosteiner.de.xpi [2012.05.14 08:14:06 | 000,074,258 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\sitedelta@schierla.de.xpi [2012.11.19 23:00:55 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\toolbar@gmx.net.xpi [2012.08.12 07:19:37 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\yslow@yahoo-inc.com.xpi [2012.08.29 11:32:03 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2012.07.30 20:03:35 | 000,447,304 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2012.09.10 19:24:22 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.06.09 08:59:47 | 000,068,257 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2012.01.10 17:36:54 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012.11.19 23:00:59 | 000,002,273 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\englische-ergebnisse.xml [2012.11.19 23:00:59 | 000,010,563 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\gmx-suche.xml [2012.11.19 23:00:59 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\lastminute.xml [2012.11.22 15:39:59 | 000,006,520 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\mngr.xml [2012.11.19 23:00:59 | 000,005,545 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\webde-suche.xml [2012.10.28 13:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.28 13:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{0B457CAA-602D-484A-8FE7-C1D894A011BA} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{6AC85730-7D0F-4DE0-B3FA-21142DD85326} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\BETA@LINKDIAGNOSIS.COM.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\CHECK4CHANGE-OWNER@MOZDEV.ORG.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\FIREQUERY@BINARYAGE.COM.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\MORNINGCOFFEE@SHANELIESEGANG.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\SITEDELTA@SCHIERLA.DE.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI [2012.10.28 13:12:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.19 07:30:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.03 21:47:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.19 07:30:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 07:30:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 07:30:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 07:30:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731 CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731 CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSCRM] C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe (Microsoft Corporation) O4 - HKCU..\Run: [IBP] File not found O4 - HKCU..\Run: [NINJALI.EXE] C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe (Global IP Telecommunications Ltd.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TogglDesktop.lnk = C:\Programme\Toggl\TogglDesktop\TogglDesktop.exe (Toggl) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: crm ([]http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sites ([]https in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = serendata.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1331BC44-AB8C-4275-B7F3-B5B35058B171}: DhcpNameServer = 192.168.2.2 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 21:39:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.22 22:13:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012.11.22 15:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.22 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2012.11.22 15:30:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDF Software [2012.11.22 15:30:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PDF Architect Files [2012.11.22 15:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2012.11.22 15:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect ========== Files - Modified Within 30 Days ========== [2012.11.28 09:35:59 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 09:35:59 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 09:34:42 | 000,766,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.28 09:34:42 | 000,720,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.28 09:34:42 | 000,174,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.28 09:34:42 | 000,147,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.28 09:28:56 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.28 09:28:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.28 09:28:04 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys [2012.11.28 09:26:06 | 000,480,125 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.28 09:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.28 08:57:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.27 21:44:20 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\9vhcvzpp.exe [2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.27 21:37:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.27 21:35:22 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.27 12:47:38 | 000,001,310 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.11.26 22:49:25 | 000,002,046 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2012.11.22 15:31:30 | 000,000,963 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk [2012.11.14 09:26:19 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.08 18:00:08 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012.11.27 21:44:20 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\9vhcvzpp.exe [2012.11.27 21:37:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.27 21:35:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.27 21:27:10 | 000,480,125 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.22 15:31:30 | 000,000,963 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk [2012.07.30 20:02:13 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.07.27 09:09:52 | 000,060,864 | ---- | C] () -- C:\Users\***\g2mdlhlpx.exe [2012.01.09 12:12:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat [2012.01.09 12:12:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.09 12:09:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.01.07 16:24:25 | 000,000,816 | RHS- | C] () -- C:\Users\***\ntuser.pol [2012.01.07 16:11:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.12.06 23:03:03 | 000,022,012 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.12.06 19:49:28 | 000,048,488 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.18 12:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.18 10:45:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.04.18 17:24:00 | 000,003,246 | ---- | C] () -- C:\Users\***\.kdiff3rc [2010.01.12 16:55:40 | 000,459,366 | ---- | C] () -- C:\Users\***\.spyglass.properties ========== ZeroAccess Check ========== [2010.03.17 14:37:37 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\2216887-Dateien\L.gif [2010.03.17 14:34:31 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\3999788-Dateien\L.gif [2010.03.17 14:23:50 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\5994862-Dateien\L.gif [2010.03.17 14:21:35 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\7359601-Dateien\L.gif [2010.03.17 14:29:03 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\938668-Dateien\L.gif [2010.03.17 14:23:01 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\9723607-Dateien\L.gif [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.10 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2012.04.12 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBP [2012.01.10 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.04.26 09:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySEOSolution_DB_Dir [2012.01.07 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.01.07 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.11.22 15:31:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Software [2012.03.07 20:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PurgeIE [2012.01.07 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2012.01.07 18:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2012.01.07 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Small Business Server ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.07 16:24:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.25 13:10:10 | 000,000,000 | ---D | M] -- C:\201201StandUSBStick [2011.12.06 20:07:21 | 000,000,000 | ---D | M] -- C:\AppData [2012.04.26 09:33:58 | 000,000,000 | ---D | M] -- C:\ArikelWizard [2011.12.06 20:07:21 | 000,000,000 | ---D | M] -- C:\AWR User Data [2011.12.06 20:07:27 | 000,000,000 | ---D | M] -- C:\BackupUSBGrau20101013 [2012.08.07 19:31:31 | 000,000,000 | ---D | M] -- C:\Batch [2011.12.06 20:07:28 | 000,000,000 | ---D | M] -- C:\BupKundentag2011 [2011.12.06 20:07:28 | 000,000,000 | -H-D | M] -- C:\CanonMP [2012.04.03 19:45:22 | 000,000,000 | ---D | M] -- C:\charts [2011.12.06 20:07:30 | 000,000,000 | ---D | M] -- C:\charts_old [2012.11.28 09:34:44 | 000,000,000 | ---D | M] -- C:\Christiane [2011.12.06 20:26:07 | 000,000,000 | ---D | M] -- C:\CRMKonfig [2011.12.06 20:26:07 | 000,000,000 | ---D | M] -- C:\Develop [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.18 11:03:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.12.06 20:26:33 | 000,000,000 | ---D | M] -- C:\downloads [2009.12.26 11:15:41 | 000,000,000 | ---D | M] -- C:\DownloadsAmazon [2011.12.06 20:26:48 | 000,000,000 | ---D | M] -- C:\ElkeKalender [2011.12.06 20:26:51 | 000,000,000 | ---D | M] -- C:\FotosStefan [2011.12.06 20:27:01 | 000,000,000 | ---D | M] -- C:\freemind-bin-max-0.9.0_RC_9 [2011.12.06 20:27:08 | 000,000,000 | ---D | M] -- C:\Lesen [2011.12.06 20:27:20 | 000,000,000 | ---D | M] -- C:\Link Manager User Data [2011.06.18 12:16:16 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.23 07:56:34 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.28 09:27:09 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.06.18 11:03:42 | 000,000,000 | -HSD | M] -- C:\Programme [2012.03.18 16:57:48 | 000,000,000 | ---D | M] -- C:\PurgeIE [2011.06.18 11:03:42 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.07 16:22:38 | 000,000,000 | ---D | M] -- C:\save [2011.12.20 22:52:33 | 000,000,000 | ---D | M] -- C:\save20100724serendataBuero [2011.12.06 22:37:24 | 000,000,000 | ---D | M] -- C:\sego [2011.12.06 22:38:40 | 000,000,000 | ---D | M] -- C:\StarMoney7.0Daten [2012.05.05 10:42:34 | 000,000,000 | ---D | M] -- C:\svn [2012.05.05 10:44:24 | 000,000,000 | ---D | M] -- C:\svnbackup [2012.11.28 09:39:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.03 11:38:09 | 000,000,000 | ---D | M] -- C:\Temp [2012.10.03 11:41:36 | 000,000,000 | ---D | M] -- C:\tmp [2012.09.26 21:39:38 | 000,000,000 | ---D | M] -- C:\Tools [2011.12.06 23:00:32 | 000,000,000 | ---D | M] -- C:\Transfer [2011.12.06 19:52:59 | 000,000,000 | R--D | M] -- C:\Users [2011.12.06 23:00:39 | 000,000,000 | ---D | M] -- C:\Weihnachtskarten [2012.11.28 09:28:59 | 000,000,000 | ---D | M] -- C:\Windows [2012.01.17 16:48:16 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > < %localappdata%\*. /5 > [2012.11.28 09:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Local\Temp [2012.11.27 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Local\TSVNCache < End of report > extras.txt von gestern OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.11.2012 21:39:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 57,77% Memory free 6,50 Gb Paging File | 4,98 Gb Available in Paging File | 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 382,59 Gb Free Space | 82,16% Space Free | Partition Type: NTFS Computer Name: GGLBUERO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] "PolicyVersion" = 512 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules] "CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE| "FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| "RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE| "RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE| "WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE| "WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE| "WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07F7A7A2-79AB-4C42-9D91-278BCC070CFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0E1C3B34-9E81-4B9C-B82F-8D24CE999E25}" = rport=5060 | protocol=17 | dir=out | name=sip 5060 udp | "{2A7ECA4B-0729-49E6-85E1-1AFFE24E799F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{35045904-3FD9-45D7-A7E4-7445974FB127}" = rport=138 | protocol=17 | dir=out | app=system | "{4393F2E0-E34D-4559-AE79-4634D70E73C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4DB0116C-D406-4983-BAC2-D93410BE6D42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{580BBF0F-68DE-47CF-B47B-96744C0086BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{63B70545-DB77-4DAE-9AC2-116C34A66CC7}" = rport=445 | protocol=6 | dir=out | app=system | "{6C888103-7E3A-4A05-9A8D-AF972A2748E5}" = rport=3478 | protocol=17 | dir=out | name=stun sip 3478 udp | "{79791763-DE05-478E-9940-2EA918B87D98}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7A2AD3C1-77ED-447D-9ABD-79A46F4DFA15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7FA4EC9A-5BD5-41C8-895E-03882DCAEA3C}" = lport=139 | protocol=6 | dir=in | app=system | "{93ECDAAF-AC3B-4046-81A6-9739CFB86120}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A58DFD6F-1D13-49C1-BF20-653201315809}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{A7EE3138-693A-40CC-8AF2-3451AB585EA7}" = rport=139 | protocol=6 | dir=out | app=system | "{BA4797F9-716B-47D1-9CCC-251730BC2DAB}" = lport=445 | protocol=6 | dir=in | app=system | "{C173F0C7-C909-4E13-AC06-0C185ABB5F07}" = lport=137 | protocol=17 | dir=in | app=system | "{C41135E8-D5F6-4707-BEEB-9607C20A88F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CCBC9CF2-BF68-47CF-9666-C4DBFC4A19A2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D4E3A660-C312-416E-A6AC-223AAFCD43C8}" = rport=137 | protocol=17 | dir=out | app=system | "{DE4516BE-1050-4DDA-9937-EC285012F561}" = rport=5061 | protocol=17 | dir=out | name=sip 5061 udp | "{E8D2F365-C931-42D6-9497-4C854CB1C62B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC15239E-6D2B-4671-9DD1-2160CB3DC961}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FC6C5EFF-C380-4D63-BBA5-3697AB2FE5C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FEEFCCF3-99D2-48C9-A5FF-99BD5942447B}" = lport=138 | protocol=17 | dir=in | app=system | "{FF5FABDB-49E3-4002-97B8-4ED83BD9D21F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A25BE3-5501-4EA0-9317-2B870C29DA3C}" = dir=out | app=%programfiles%\ninjalite\ninjalite\ninjali.exe | "{0E49247A-A6BB-46EE-9E48-E60AE80997BF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0F7CC0BB-0CD3-4611-9A5E-DA3CAA55DC14}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{21B3BCCF-D089-40B6-8B73-E707DCAA88C3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{23E42F74-CCA2-458E-A52A-C6B346F114AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{25449E73-C436-485F-BF3B-CD9E47DC9BD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{27117D09-3490-449A-A5CC-87993D669B41}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{362E9F05-6805-483A-8D88-7CE8EBF3AF78}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{36F62FB8-2279-4BEF-9EFE-4750EEF57A23}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{47077531-D55C-4655-BD54-4FCD9298B9BB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4E8C8F97-3DB1-4B4C-9794-185C5377C07B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{5E89480D-B6D4-48AF-AC3A-BEBA4FD15670}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{71630626-56F0-4661-B1D1-68BF9D5D1742}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe | "{7D8E502A-A6CB-4BD1-81AA-95214E418CEA}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | "{80EFE898-DBDC-4AB3-A928-25692AF936F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{84B50EF5-4D79-4F01-8F06-D4A705D4251E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8CD6308B-E6AD-4C0D-8280-77FD2AA5FC92}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{96C26CA4-A9CA-499C-ACA8-DCC6C4A9EED4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9F73C3D1-3B94-492D-B1A6-677425EAC99C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{9FD7E7EC-227B-4AA9-8E3A-B9FB9D0E39DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{B215F44D-BA5D-45C0-BBDA-09F8A9CD1A62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{CA32A48E-D9E5-4D41-A0A0-44D337144730}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D36CB300-E99A-4C19-8758-A40DF0352424}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D911EA4F-845A-494C-BCEA-207BC6C23D35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D9149000-BD26-436B-A597-A433A5D3612B}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | "{EB1A8FDE-58D2-4FEF-8E02-E5FB1626B925}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC53FB39-619F-49BF-96DF-7FED84307672}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe | "{ED934062-55DD-465E-AE61-7BB2BA981AF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EFBF6C14-0210-4158-8671-368638C5EEE5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{F313242A-7A0B-48BD-AAA7-0CBCA94A41E0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{FE973084-6DBB-46A5-9CF9-74508C35555C}" = dir=out | app=%programfiles%\ninjalite\ninjalite\xproxy.exe | "TCP Query User{082B2363-B05C-472A-B9EB-EE0B237011C0}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{24B784E1-1BE6-4C88-93AE-3074EF90E0E3}C:\program files\ninjalite\ninjalite\ninjali.exe" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | "TCP Query User{3026416A-2573-473F-B3FA-18A03EB3CB77}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | "TCP Query User{72C9E958-6F61-45D4-9119-5B2E7478E275}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{04104410-7CF5-4BF5-9F82-8D8C52A48B11}C:\program files\ninjalite\ninjalite\ninjali.exe" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | "UDP Query User{0DD3AB43-FBE9-4714-99B2-09941B5A34AE}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{4562545F-2A36-451B-BC8F-CF476DCA808B}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | "UDP Query User{CF200E27-BC3E-4B5D-B694-DFD342A75348}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00626135-E60A-4550-9503-4F50C6C9B8BB}" = Google AdWords Editor "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite DCP-395CN "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4E8FFAB1-88FA-4A8C-B611-08C2C9DD69F3}_is1" = NinjaLite 3.5.0.5 "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1 "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75C26E7B-0416-427A-9C43-8F374C316973}" = NodeXL Excel Template "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{8073D8BC-7651-4ADF-9219-F67DB3C49103}" = TestDriven.Net 3.0 Personal "{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) "{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client "{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit) "{9DB75EBF-DC06-4574-8FF1-3955C6673B21}" = Microsoft Application Error Reporting "{A484263A-C779-4BF2-86CD-3E62D717F5AE}" = PDF Architect "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}" = Minianwendung "Desktoplinks" für Windows Small Business Server 2008 "{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) "{DEB1CE7F-5821-4E1C-ADED-744F52052E4A}" = Open XML SDK 2.0 Productivity Tool for Microsoft Office "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{E0FBC979-7FA5-40A4-B14F-E301958D1135}" = TogglDesktop "{EB32EEAE-974F-34A3-80ED-704D509078D2}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86) "{FEE45451-2724-45B5-98DE-0E3B659194DD}" = Microsoft Dynamics CRM 4.0 für Microsoft Office Outlook "7-Zip" = 7-Zip 9.22beta "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BTE_14_674328" = Business - Sprachkurs English "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Fiddler2" = Fiddler2 "Google Chrome" = Google Chrome "IBP11_is1" = IBP 11.7.9 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Opera 11.60.1185" = Opera 11.60 "PerformanceTest 7_is1" = PerformanceTest v7.0 "Picasa 3" = Picasa 3 "PurgeIE_is1" = PurgeIE - 8.05 "TeamViewer 7" = TeamViewer 7 "TrueCrypt" = TrueCrypt "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "WebSpider2" = Xaldon WebSpider2 "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-3 "xampp" = XAMPP 1.7.7 "Xenu's Link Sleuth" = Xenu's Link Sleuth "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "2434262337.localhost" = BacklinkTool "37edc5e48a7387a6" = BacklinkTool "FF6936D70060EBAD87660736B2F5E0260107A02E" = Smrf.NodeXL.ExcelTemplate "GoToMeeting" = GoToMeeting 5.3.0.978 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "WinDirStat" = WinDirStat 1.1.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.09.2012 01:58:02 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/09/14 07:58:02.736]: [00001056]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 14.09.2012 14:35:50 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/09/14 20:35:50.566]: [00001056]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 15.09.2012 03:06:43 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/09/15 09:06:43.813]: [00001056]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 15.09.2012 03:06:44 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/09/15 09:06:44.814]: [00001056]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 15.09.2012 03:45:12 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.09.2012 13:49:03 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/09/15 19:49:03.592]: [00001056]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 16.09.2012 21:54:24 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/09/17 03:54:24.748]: [00001056]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 16.09.2012 21:54:25 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/09/17 03:54:25.754]: [00001056]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5 Error - 18.09.2012 09:48:27 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 20.09.2012 02:28:19 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 14.07.2012 02:48:24 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 14.07.2012 02:48:24 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029 Description = Display is not active Error - 16.07.2012 01:37:43 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 16.07.2012 01:37:43 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029 Description = Display is not active Error - 16.07.2012 01:37:44 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 16.07.2012 01:37:44 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.07.2012 01:35:47 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 17.07.2012 01:35:47 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.07.2012 01:35:48 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 17.07.2012 01:35:48 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > |
28.11.2012, 12:07 | #4 |
/// the machine /// TB-Ausbilder | Claro Search eingefangen Noch Probleme ? ESET Online Scanner
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Claro Search eingefangen |
claro, claro search, claro search trojaner, eingefangen, freue, gefangen, gen, search, würde |