|
Log-Analyse und Auswertung: HEUR:Exploit.Java.CVE-2012-1723.genWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.03.2013, 20:32 | #1 |
| HEUR:Exploit.Java.CVE-2012-1723.gen Hallo und Hilfe, unser Kaspersky Anti-Virus 2013 hat folgende 2 Trojaner gefunden: HEUR:Exploit.Java.CVE-2012-1723.gen Object: C:\Documents and Settings\Manuela\...ocal\Temp\jar_cache1975677933599031230.tmp HEUR:Exploit.Java.CVE-2012-1723.gen Object: C.\Documents and Settings\Manuela\A...va\Deployment\cache\6.0\61\20f6e3d-2808c67a Hier OTL.txt + Extras.txt aus Schritt 2: OTL logfile created on: 17.03.2013 19:15:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manuela\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,63% Memory free 6,19 Gb Paging File | 4,12 Gb Available in Paging File | 66,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 65,01 Gb Free Space | 45,13% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 117,69 Gb Free Space | 83,76% Space Free | Partition Type: NTFS Computer Name: MANUELA | User Name: Manuela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.17 19:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe PRC - [2012.11.16 07:34:01 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2012.07.25 15:29:02 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012.02.23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2011.07.07 16:54:00 | 000,399,312 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.06.08 12:22:36 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Manuela\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.05.30 02:04:45 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe PRC - [2008.05.30 02:04:41 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe PRC - [2008.05.24 01:58:34 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe PRC - [2008.04.24 10:03:34 | 003,337,728 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2008.03.13 10:24:20 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008.03.11 19:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.11 10:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.07 15:05:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.07 03:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.03.05 14:55:24 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.03.05 10:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.03.04 20:21:06 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.02.15 08:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.10.03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 13:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.04.24 17:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.03.27 11:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe PRC - [2006.10.23 01:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2005.06.23 19:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 19:29:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll MOD - [2013.02.15 19:26:05 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll MOD - [2013.01.11 20:00:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013.01.11 19:54:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 19:53:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013.01.11 19:52:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.11 19:50:41 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.11 19:49:51 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll MOD - [2013.01.11 19:47:17 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.11 19:46:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.08.17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.05.30 02:04:45 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe MOD - [2008.05.30 02:04:41 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe MOD - [2008.05.30 01:43:13 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll MOD - [2008.05.30 01:43:04 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll MOD - [2008.05.30 01:43:03 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdudrs.dll MOD - [2008.05.30 01:31:57 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll MOD - [2008.05.24 01:02:14 | 000,188,416 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdudatr.dll MOD - [2008.05.19 14:58:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.core.dll MOD - [2008.05.19 14:58:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.common.dll MOD - [2008.05.19 14:57:11 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll MOD - [2008.03.28 19:25:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.03.28 19:25:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.03.28 19:25:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.03.25 17:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll MOD - [2008.03.11 09:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008.03.05 14:55:28 | 000,753,664 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.03.05 14:55:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2008.03.04 23:38:16 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2008.02.25 02:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007.09.11 10:12:08 | 000,475,136 | ---- | M] () -- C:\Program Files\Acer\Acer VCM\AcerControl.dll MOD - [2007.04.24 17:44:26 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.04.24 17:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - [2013.03.13 13:27:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.16 07:34:01 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP) SRV - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.24 01:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device) SRV - [2008.05.24 01:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2008.03.07 15:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.02.15 08:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.02.08 15:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.11.16 07:38:53 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2012.11.16 07:38:52 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.10.01 13:40:16 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.01 13:40:15 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.13 15:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012.08.02 14:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.06.19 16:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2011.12.29 17:38:52 | 000,000,000 | ---D | M] [Kernel | On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Media Maker 8\NTI Ripper Suite\ -- (N) DRV - [2011.10.02 18:50:25 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Manuela\AppData\Local\Temp\Fadpu16E.sys -- (Fadpu16E) DRV - [2011.07.13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol) DRV - [2011.07.13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp) DRV - [2010.05.20 14:27:01 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.05.20 14:25:28 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.05.20 14:25:28 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2010.02.18 08:21:54 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2010.02.18 08:21:52 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus) DRV - [2010.02.18 08:21:50 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3) DRV - [2009.08.05 05:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.04.24 10:03:26 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.03.07 18:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.03.05 08:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.02.29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.02.15 08:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2008.01.08 20:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 08:30:52 | 000,041,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stusb2ir.sys -- (stusb2ir) DRV - [2005.05.24 15:01:16 | 000,077,040 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800obex.sys -- (w800obex) DRV - [2005.05.24 15:00:56 | 000,079,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mgmt.sys -- (w800mgmt) DRV - [2005.05.24 15:00:46 | 000,087,424 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mdm.sys -- (w800mdm) DRV - [2005.05.24 15:00:44 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mdfl.sys -- (w800mdfl) DRV - [2005.05.24 15:00:37 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=42349c8d000000000000001f3aed237e IE - HKCU\..\SearchScopes\{6001606F-6620-449C-B6E2-C6D55264C32B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=1C15A5B4-6F15-4865-A77C-CE153D58D647&apn_sauid=F2BFD017-B8A6-4939-A73C-F184A24CAF2C IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deDE288 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 07:47:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 07:47:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 07:47:05 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (FLV Runner Toolbar) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe () O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe () O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - Startup: C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ist-webservice.de ([www] https in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5552039-6C3E-4391-B9D4-C010D4C44610}: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: D:\manu\Bilder\Mallorca 2011\SDC13091.JPG O24 - Desktop BackupWallPaper: D:\manu\Bilder\Mallorca 2011\SDC13091.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /r \??\F O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 19:13:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe [2010.02.23 18:27:06 | 017,028,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pdfmailer4de.exe [2008.11.27 08:34:29 | 068,756,776 | ---- | C] (Apple Inc.) -- C:\Users\Manuela\iTunesSetup.exe [2002.03.11 10:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe [2002.03.11 09:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe [12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\Manuela\*.tmp files -> C:\Users\Manuela\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.17 19:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.17 19:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe [2013.03.17 19:13:48 | 000,000,524 | ---- | M] () -- C:\Users\Manuela\Desktop\Die Dummheit drängt sich vor, um gesehen zu werden, die Klugheit steht zurück , um zu sehen!.website [2013.03.17 19:12:07 | 000,000,000 | ---- | M] () -- C:\Users\Manuela\defogger_reenable [2013.03.17 19:11:04 | 000,050,477 | ---- | M] () -- C:\Users\Manuela\Desktop\Defogger.exe [2013.03.17 18:40:54 | 000,056,605 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.03.17 18:40:54 | 000,056,605 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.03.17 18:40:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.17 15:08:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 15:08:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.15 18:15:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.03.15 18:13:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.03.12 10:13:43 | 000,674,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.12 10:13:43 | 000,634,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.12 10:13:43 | 000,146,484 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.12 10:13:43 | 000,120,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.08 13:11:09 | 000,000,457 | ---- | M] () -- C:\Users\Manuela\Desktop\aok-bv.de wichtig ab S.27.....website [2013.03.06 20:52:01 | 400,367,177 | ---- | M] () -- C:\Windows\MEMORY.DMP [12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\Manuela\*.tmp files -> C:\Users\Manuela\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.17 19:12:07 | 000,000,000 | ---- | C] () -- C:\Users\Manuela\defogger_reenable [2013.03.17 19:10:55 | 000,050,477 | ---- | C] () -- C:\Users\Manuela\Desktop\Defogger.exe [2013.02.14 19:35:47 | 000,000,680 | ---- | C] () -- C:\Users\Manuela\AppData\Local\d3d9caps.dat [2012.07.07 12:38:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2012.07.07 12:38:53 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2012.07.07 12:38:53 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2012.07.07 12:38:53 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2012.07.07 12:38:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2012.07.07 12:38:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2012.07.07 12:38:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2012.07.07 12:38:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2012.07.07 12:38:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2012.07.07 12:38:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2012.07.07 12:38:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2012.07.07 12:38:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2012.07.07 12:38:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2012.07.07 12:38:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2012.07.07 12:38:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2012.07.07 12:38:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2012.07.07 12:38:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2012.07.07 12:38:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.07.07 12:38:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2012.04.05 14:50:37 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI [2012.03.29 15:02:52 | 000,000,221 | ---- | C] () -- C:\Windows\scrantic.ini [2011.10.31 11:28:31 | 000,017,408 | ---- | C] () -- C:\Users\Manuela\AppData\Local\WebpageIcons.db [2011.09.18 16:01:14 | 000,000,000 | ---- | C] () -- C:\Windows\jcmkr32.INI [2011.08.03 12:59:04 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.08.03 12:57:48 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.06.08 16:07:10 | 002,260,312 | ---- | C] () -- C:\Program Files\TeamViewerQS.exe [2010.02.23 18:52:39 | 001,720,832 | ---- | C] () -- C:\Program Files\FreePDF4.02.EXE [2009.12.01 15:07:22 | 000,000,095 | ---- | C] () -- C:\Users\Manuela\AppData\Local\fusioncache.dat [2009.12.01 13:23:30 | 000,022,328 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\PnkBstrK.sys [2009.04.05 12:34:51 | 000,219,441 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\NMM-MetaData.db [2009.03.30 18:02:27 | 000,000,488 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\wklnhst.dat [2009.03.26 10:45:50 | 000,001,074 | RH-- | C] () -- C:\Users\Manuela\XrxWm.ini [2009.03.26 10:45:50 | 000,000,522 | RH-- | C] () -- C:\Users\Manuela\xw45cpdy.dyc [2009.01.20 08:25:35 | 000,024,227 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\UserTile.png [2008.10.19 15:53:00 | 000,057,344 | ---- | C] () -- C:\Users\Manuela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.30 17:09:26 | 135,427,055 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2008.09.30 16:48:40 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini [2008.09.30 16:48:38 | 009,776,640 | ---- | C] () -- C:\Program Files\openofficeorg30.msi [2008.09.18 17:08:54 | 000,424,728 | ---- | C] () -- C:\Program Files\setup.exe [2008.07.14 18:56:42 | 000,000,387 | -H-- | C] () -- C:\ProgramData\hpothb07.dat [2008.07.14 18:56:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\hpothb07.tif [2008.05.23 22:46:26 | 000,056,605 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.05.23 22:22:57 | 000,056,605 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.06.20 07:41:51 | 000,000,000 | -HSD | M] -- C:\Users\Manuela\AppData\Roaming\.# [2009.04.22 16:52:14 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\5600-6600 Series [2008.03.28 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Acer GameZone Console [2012.07.11 14:53:14 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Amazon [2011.08.03 12:59:14 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Atari [2012.03.11 13:25:27 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Babylon [2008.06.19 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Big Fish Games [2009.03.26 13:35:26 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Buhl Data Service [2011.08.29 16:31:18 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Cornelsen [2011.10.21 09:40:16 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Garmin [2009.01.19 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\gotomaxx [2008.11.21 16:45:24 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Leadertech [2009.04.07 18:13:33 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Lexmark Productivity Studio [2008.07.14 19:14:19 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Nokia [2010.10.07 18:05:07 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Nokia Multimedia Player [2009.06.04 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\NSeries [2008.12.22 14:46:59 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\OpenOffice.org [2008.07.14 19:08:48 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\PC Suite [2010.06.08 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\TeamViewer [2009.03.30 18:02:26 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Template [2008.06.08 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Validity ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F < End of report > OTL Extras logfile created on: 17.03.2013 19:15:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manuela\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,63% Memory free 6,19 Gb Paging File | 4,12 Gb Available in Paging File | 66,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 65,01 Gb Free Space | 45,13% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 117,69 Gb Free Space | 83,76% Space Free | Partition Type: NTFS Computer Name: MANUELA | User Name: Manuela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0560BD41-0AC3-4056-BE97-2EEE3923A16A}" = rport=138 | protocol=17 | dir=out | app=system | "{15315CD1-B3FC-401F-B49E-0D6E24C9E3BE}" = lport=138 | protocol=17 | dir=in | app=system | "{23349A57-35BE-4753-8744-2594D611D5D6}" = lport=139 | protocol=6 | dir=in | app=system | "{39494384-8CF5-4EC7-934F-024DFCECE6D3}" = lport=137 | protocol=17 | dir=in | app=system | "{3B934D03-89FC-4A5F-976A-EE462993FA0B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{45A73033-1791-43A6-BD36-13E5CA653032}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5EE5E4E1-B8CC-45EF-990E-6D0A5FC5CDCD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6D6275E6-F32F-4EFD-839A-674993DF840C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7786A30D-5FE5-4F4B-9243-A9C80EDE6DD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{77AAC9B1-F324-47DF-B0CF-4F0C7672C87B}" = rport=139 | protocol=6 | dir=out | app=system | "{80529EC0-77B0-493A-BE26-CFC078783A5D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8ED8FA9F-BE7D-4A72-B8A6-EA180023B206}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2513332-9C1B-460D-BD0C-1B094B369FE2}" = rport=445 | protocol=6 | dir=out | app=system | "{B06A19E6-BF2F-4DF3-9411-DD4F1335BF93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2200EFC-DC61-4477-899A-2F8A4132F58B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7F3DA22-5729-45E3-88A1-734843141F82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E03314DA-B476-40FC-AAAE-C7AD9AD482EB}" = lport=445 | protocol=6 | dir=in | app=system | "{E1261B5C-A294-46EB-87C8-373455389D92}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{124F29BE-078B-4BF4-BCBF-844B745A2227}" = dir=in | app=c:\program files\itunes\itunes.exe | "{130C917A-C300-4C9A-914A-B81EC2489829}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{2538C667-6724-48BD-9FC6-0030A61EE26C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2B036B52-512B-41AE-B259-84994FA6DBB8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2C2D0B77-6D92-490C-8BCF-43728BE421E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3045F5BB-320A-4B13-9038-C190498E65EB}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | "{31E9A4CE-6CC9-45C1-8B95-BAE14C0B4642}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3206954B-EB5C-485D-902D-5502E90B5F52}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{35113B23-8D9A-418D-8DCF-8925199991B1}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{4401B2FE-F3D0-451C-99E0-43C05D7DF6F7}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{49E7C65E-6B52-4F1A-ABF4-BCE027275ECF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{51688B2F-D005-4730-83ED-4E401561BB73}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5ECB5E49-AD74-4C01-9AE7-36704ED80D34}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | "{6AC2BE6D-C85E-41F7-A8B3-3E27EAFA2E35}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{6AE50F53-9904-4112-B0BA-1393421175DA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{6C203B62-7A00-4F98-AE42-CBE349111E60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6C358823-09F9-4E0B-8D7B-1B8569BA381A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6CAACFB8-40B9-453E-94D3-9517AAC6FEA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{79410BEF-A1FB-4628-B063-3A069F0463BC}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{7A631DF6-64AE-465C-BA99-95EF36A7E2C8}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{8275DA59-C648-4B25-9B6C-8511DE5E780B}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{8380C441-F4A3-4357-A13A-7CBF4E2FF24C}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | "{85D75BC6-C4E4-406F-A713-0F22E1DD6D01}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{8D8EDE60-F036-4B3D-93D1-67C2B43B9F2A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{9B25DF26-A70E-469E-9089-9DFC9FFE9649}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9CEBC1CF-FD09-4DCD-8DFA-02808335EC44}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | "{A891A725-FCF3-41B1-8089-B99B89DA4471}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | "{AA7E51A5-88E2-41DB-A3B1-854555364140}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{AFC1C27F-8F44-4AA6-97B2-75FCA6BDBF38}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | "{B1DE6543-6BBE-4A41-8F0F-69DFDE0C7475}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B6345513-26EC-41D4-9B9E-DB45FF70230F}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{B94A622C-1AD7-40F1-810A-6C9F5E63385A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{BEAD42D9-041B-4DBD-97F8-3EC0B57DF6DB}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{C06455C9-42DE-4DDC-9423-C6A2AD0B71B2}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{D160D460-C4DE-450B-A91D-B124A0149FED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D26AB9D1-DA7D-4DFE-B9E2-7C0458AEEFE8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D620787F-2ADE-42B9-8871-F742DB241306}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{F43EE34C-2A2A-459B-A48C-C587C0DD3FE3}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4162E4B4-DB62-4719-9921-A59B2671C1CB}" = Nero Recode 11 "{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup & Recovery™ 10 Home "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{5F58EF0F-3E92-49B9-A315-872C65F30F05}" = PHOTOfunSTUDIO 8.1 PE "{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop 2008 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D8491AD-D0D2-4B51-AA4A-A8B67795A553}" = Nero Burning ROM 11 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.5 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A8C856AD-63CD-4613-AA29-E6C85607EA06}" = Nokia Software Launcher "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.014 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E89BAE75-3446-43BA-B180-7F11692A9778}" = nero.prerequisites.msi "{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}" = Nero 11 "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F89E5AD8-AE47-49B5-B9F9-C498791E6255}" = Nokia NSeries Music Manager "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection AAV 6.0.00.08 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Agere Systems Soft Modem" = Agere Systems HDA Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "BabylonToolbar" = Babylon toolbar on IE "FLV_Runner Toolbar" = FLV Runner Toolbar "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "GridVista" = Acer GridVista "HCS-WIN" = HCS-WIN "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "I Want This" = I Want This "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "LManager" = Launch Manager "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "PunkBusterSvc" = PunkBuster Services "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Searchqu Toolbar" = Searchqu Toolbar "SmartTRAK" = SmartTRAK "softonic-de3 Toolbar" = softonic-de3 Toolbar "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen) "Win-Vermieter 3" = Win-Vermieter 3 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab PDF Creator" = FoxTab PDF Creator ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.03.2013 13:40:26 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6864200 Error - 17.03.2013 13:40:28 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.03.2013 13:40:28 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6867008 Error - 17.03.2013 13:40:28 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6867008 Error - 17.03.2013 13:40:30 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.03.2013 13:40:30 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6868755 Error - 17.03.2013 13:40:30 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6868755 Error - 17.03.2013 13:40:34 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.03.2013 13:40:34 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6872203 Error - 17.03.2013 13:40:34 | Computer Name = Manuela | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6872203 [ Media Center Events ] Error - 08.06.2011 06:51:05 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 26.07.2011 11:08:35 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 24.12.2011 09:11:28 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 24.12.2011 09:23:52 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 31.05.2012 06:04:59 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 03.06.2012 07:10:45 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 03.06.2012 07:22:07 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 27.07.2012 11:13:25 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 27.07.2012 11:13:42 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 27.07.2012 11:14:15 | Computer Name = Manuela | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 15.03.2013 08:25:20 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2013 12:50:15 | Computer Name = Manuela | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 15.03.2013 um 17:48:42 unerwartet heruntergefahren. Error - 15.03.2013 12:50:47 | Computer Name = Manuela | Source = Service Control Manager | ID = 7009 Description = Error - 15.03.2013 12:50:47 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2013 13:05:15 | Computer Name = Manuela | Source = DCOM | ID = 10005 Description = Error - 15.03.2013 13:05:15 | Computer Name = Manuela | Source = Service Control Manager | ID = 7009 Description = Error - 15.03.2013 13:05:15 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2013 13:12:51 | Computer Name = Manuela | Source = Service Control Manager | ID = 7043 Description = Error - 15.03.2013 13:15:20 | Computer Name = Manuela | Source = Service Control Manager | ID = 7009 Description = Error - 15.03.2013 13:15:20 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000 Description = < End of report > Könnt ihr uns bitte helfen?? Liebe Grüße Manuela |
18.03.2013, 12:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-1723.gen Hallo und
__________________Hinweis: Registry Cleaner Ich sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall RegistryBooster. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
Themen zu HEUR:Exploit.Java.CVE-2012-1723.gen |
babylontoolbar, bandoo, bho, bonjour, entfernen, error, excel, failed, firefox, flash player, helper, heur, home, install.exe, kaspersky, launch, logfile, office 2007, plug-in, popup, prozess, realtek, registry, rojaner gefunden, rundll, scan, software, svchost.exe, tastatur, trojaner, vista |