Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: HEUR:Exploit.Java.CVE-2012-1723.gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 17.03.2013, 20:32   #1
pusteblume77
 
HEUR:Exploit.Java.CVE-2012-1723.gen - Standard

HEUR:Exploit.Java.CVE-2012-1723.gen



Hallo und Hilfe,
unser Kaspersky Anti-Virus 2013 hat folgende 2 Trojaner gefunden:

HEUR:Exploit.Java.CVE-2012-1723.gen
Object: C:\Documents and Settings\Manuela\...ocal\Temp\jar_cache1975677933599031230.tmp

HEUR:Exploit.Java.CVE-2012-1723.gen
Object: C.\Documents and Settings\Manuela\A...va\Deployment\cache\6.0\61\20f6e3d-2808c67a


Hier OTL.txt + Extras.txt aus Schritt 2:

OTL logfile created on: 17.03.2013 19:15:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manuela\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,63% Memory free
6,19 Gb Paging File | 4,12 Gb Available in Paging File | 66,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 65,01 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 117,69 Gb Free Space | 83,76% Space Free | Partition Type: NTFS

Computer Name: MANUELA | User Name: Manuela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.17 19:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe
PRC - [2012.11.16 07:34:01 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.25 15:29:02 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012.02.23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011.07.07 16:54:00 | 000,399,312 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.06.08 12:22:36 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Manuela\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.05.30 02:04:45 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008.05.30 02:04:41 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2008.05.24 01:58:34 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2008.04.24 10:03:34 | 003,337,728 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008.03.13 10:24:20 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.03.11 19:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.11 10:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.07 15:05:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.07 03:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.03.05 14:55:24 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.03.05 10:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.03.04 20:21:06 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.02.15 08:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.10.03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 13:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.24 17:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.03.27 11:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe
PRC - [2006.10.23 01:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2005.06.23 19:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.15 19:29:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll
MOD - [2013.02.15 19:26:05 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.01.11 20:00:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.11 19:54:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 19:53:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.11 19:52:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.11 19:50:41 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.11 19:49:51 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013.01.11 19:47:17 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.11 19:46:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.08.17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.30 02:04:45 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2008.05.30 02:04:41 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
MOD - [2008.05.30 01:43:13 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2008.05.30 01:43:04 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2008.05.30 01:43:03 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2008.05.30 01:31:57 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2008.05.24 01:02:14 | 000,188,416 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdudatr.dll
MOD - [2008.05.19 14:58:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.core.dll
MOD - [2008.05.19 14:58:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.monitor.common.dll
MOD - [2008.05.19 14:57:11 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008.03.28 19:25:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.03.28 19:25:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.03.28 19:25:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.03.25 17:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2008.03.11 09:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.03.05 14:55:28 | 000,753,664 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.03.05 14:55:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.03.04 23:38:16 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.02.25 02:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007.09.11 10:12:08 | 000,475,136 | ---- | M] () -- C:\Program Files\Acer\Acer VCM\AcerControl.dll
MOD - [2007.04.24 17:44:26 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.04.24 17:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Services (SafeList) ==========

SRV - [2013.03.13 13:27:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.16 07:34:01 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.24 01:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008.05.24 01:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008.03.07 15:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.15 08:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.02.08 15:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.16 07:38:53 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.11.16 07:38:52 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.10.01 13:40:16 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.01 13:40:15 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.08.13 15:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 14:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 16:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2011.12.29 17:38:52 | 000,000,000 | ---D | M] [Kernel | On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Media Maker 8\NTI Ripper Suite\ -- (N)
DRV - [2011.10.02 18:50:25 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Manuela\AppData\Local\Temp\Fadpu16E.sys -- (Fadpu16E)
DRV - [2011.07.13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.07.13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2010.05.20 14:27:01 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.05.20 14:25:28 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.05.20 14:25:28 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.02.18 08:21:54 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.02.18 08:21:52 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.02.18 08:21:50 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009.08.05 05:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.24 10:03:26 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.03.07 18:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.05 08:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.02.29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 08:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 20:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 08:30:52 | 000,041,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stusb2ir.sys -- (stusb2ir)
DRV - [2005.05.24 15:01:16 | 000,077,040 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800obex.sys -- (w800obex)
DRV - [2005.05.24 15:00:56 | 000,079,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005.05.24 15:00:46 | 000,087,424 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005.05.24 15:00:44 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005.05.24 15:00:37 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=42349c8d000000000000001f3aed237e
IE - HKCU\..\SearchScopes\{6001606F-6620-449C-B6E2-C6D55264C32B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=1C15A5B4-6F15-4865-A77C-CE153D58D647&apn_sauid=F2BFD017-B8A6-4939-A73C-F184A24CAF2C
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deDE288
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 07:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 07:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 07:47:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FLV Runner Toolbar) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found
O4 - Startup: C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ist-webservice.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5552039-6C3E-4391-B9D4-C010D4C44610}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: D:\manu\Bilder\Mallorca 2011\SDC13091.JPG
O24 - Desktop BackupWallPaper: D:\manu\Bilder\Mallorca 2011\SDC13091.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\F
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.17 19:13:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe
[2010.02.23 18:27:06 | 017,028,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pdfmailer4de.exe
[2008.11.27 08:34:29 | 068,756,776 | ---- | C] (Apple Inc.) -- C:\Users\Manuela\iTunesSetup.exe
[2002.03.11 10:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 09:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Manuela\*.tmp files -> C:\Users\Manuela\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.17 19:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 19:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe
[2013.03.17 19:13:48 | 000,000,524 | ---- | M] () -- C:\Users\Manuela\Desktop\Die Dummheit drängt sich vor, um gesehen zu werden, die Klugheit steht zurück , um zu sehen!.website
[2013.03.17 19:12:07 | 000,000,000 | ---- | M] () -- C:\Users\Manuela\defogger_reenable
[2013.03.17 19:11:04 | 000,050,477 | ---- | M] () -- C:\Users\Manuela\Desktop\Defogger.exe
[2013.03.17 18:40:54 | 000,056,605 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.17 18:40:54 | 000,056,605 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.17 18:40:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 15:08:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 15:08:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 18:15:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.03.15 18:13:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.03.12 10:13:43 | 000,674,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.12 10:13:43 | 000,634,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.12 10:13:43 | 000,146,484 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.12 10:13:43 | 000,120,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.08 13:11:09 | 000,000,457 | ---- | M] () -- C:\Users\Manuela\Desktop\aok-bv.de wichtig ab S.27.....website
[2013.03.06 20:52:01 | 400,367,177 | ---- | M] () -- C:\Windows\MEMORY.DMP
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Manuela\*.tmp files -> C:\Users\Manuela\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.17 19:12:07 | 000,000,000 | ---- | C] () -- C:\Users\Manuela\defogger_reenable
[2013.03.17 19:10:55 | 000,050,477 | ---- | C] () -- C:\Users\Manuela\Desktop\Defogger.exe
[2013.02.14 19:35:47 | 000,000,680 | ---- | C] () -- C:\Users\Manuela\AppData\Local\d3d9caps.dat
[2012.07.07 12:38:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.07.07 12:38:53 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.07.07 12:38:53 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.07.07 12:38:53 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.07.07 12:38:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.07.07 12:38:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.07.07 12:38:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.07.07 12:38:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.07.07 12:38:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.07.07 12:38:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.07.07 12:38:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.07.07 12:38:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.07.07 12:38:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.07.07 12:38:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.07.07 12:38:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.07.07 12:38:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.07.07 12:38:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.07.07 12:38:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.07.07 12:38:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.04.05 14:50:37 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2012.03.29 15:02:52 | 000,000,221 | ---- | C] () -- C:\Windows\scrantic.ini
[2011.10.31 11:28:31 | 000,017,408 | ---- | C] () -- C:\Users\Manuela\AppData\Local\WebpageIcons.db
[2011.09.18 16:01:14 | 000,000,000 | ---- | C] () -- C:\Windows\jcmkr32.INI
[2011.08.03 12:59:04 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.08.03 12:57:48 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.06.08 16:07:10 | 002,260,312 | ---- | C] () -- C:\Program Files\TeamViewerQS.exe
[2010.02.23 18:52:39 | 001,720,832 | ---- | C] () -- C:\Program Files\FreePDF4.02.EXE
[2009.12.01 15:07:22 | 000,000,095 | ---- | C] () -- C:\Users\Manuela\AppData\Local\fusioncache.dat
[2009.12.01 13:23:30 | 000,022,328 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\PnkBstrK.sys
[2009.04.05 12:34:51 | 000,219,441 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\NMM-MetaData.db
[2009.03.30 18:02:27 | 000,000,488 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\wklnhst.dat
[2009.03.26 10:45:50 | 000,001,074 | RH-- | C] () -- C:\Users\Manuela\XrxWm.ini
[2009.03.26 10:45:50 | 000,000,522 | RH-- | C] () -- C:\Users\Manuela\xw45cpdy.dyc
[2009.01.20 08:25:35 | 000,024,227 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\UserTile.png
[2008.10.19 15:53:00 | 000,057,344 | ---- | C] () -- C:\Users\Manuela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.30 17:09:26 | 135,427,055 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2008.09.30 16:48:40 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008.09.30 16:48:38 | 009,776,640 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
[2008.09.18 17:08:54 | 000,424,728 | ---- | C] () -- C:\Program Files\setup.exe
[2008.07.14 18:56:42 | 000,000,387 | -H-- | C] () -- C:\ProgramData\hpothb07.dat
[2008.07.14 18:56:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\hpothb07.tif
[2008.05.23 22:46:26 | 000,056,605 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.05.23 22:22:57 | 000,056,605 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.06.20 07:41:51 | 000,000,000 | -HSD | M] -- C:\Users\Manuela\AppData\Roaming\.#
[2009.04.22 16:52:14 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\5600-6600 Series
[2008.03.28 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Acer GameZone Console
[2012.07.11 14:53:14 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Amazon
[2011.08.03 12:59:14 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Atari
[2012.03.11 13:25:27 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Babylon
[2008.06.19 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Big Fish Games
[2009.03.26 13:35:26 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Buhl Data Service
[2011.08.29 16:31:18 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Cornelsen
[2011.10.21 09:40:16 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Garmin
[2009.01.19 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\gotomaxx
[2008.11.21 16:45:24 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Leadertech
[2009.04.07 18:13:33 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Lexmark Productivity Studio
[2008.07.14 19:14:19 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Nokia
[2010.10.07 18:05:07 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Nokia Multimedia Player
[2009.06.04 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\NSeries
[2008.12.22 14:46:59 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\OpenOffice.org
[2008.07.14 19:08:48 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\PC Suite
[2010.06.08 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\TeamViewer
[2009.03.30 18:02:26 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Template
[2008.06.08 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Validity

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F

< End of report >









OTL Extras logfile created on: 17.03.2013 19:15:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manuela\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,63% Memory free
6,19 Gb Paging File | 4,12 Gb Available in Paging File | 66,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 65,01 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 117,69 Gb Free Space | 83,76% Space Free | Partition Type: NTFS

Computer Name: MANUELA | User Name: Manuela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0560BD41-0AC3-4056-BE97-2EEE3923A16A}" = rport=138 | protocol=17 | dir=out | app=system |
"{15315CD1-B3FC-401F-B49E-0D6E24C9E3BE}" = lport=138 | protocol=17 | dir=in | app=system |
"{23349A57-35BE-4753-8744-2594D611D5D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{39494384-8CF5-4EC7-934F-024DFCECE6D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B934D03-89FC-4A5F-976A-EE462993FA0B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45A73033-1791-43A6-BD36-13E5CA653032}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5EE5E4E1-B8CC-45EF-990E-6D0A5FC5CDCD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6D6275E6-F32F-4EFD-839A-674993DF840C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7786A30D-5FE5-4F4B-9243-A9C80EDE6DD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77AAC9B1-F324-47DF-B0CF-4F0C7672C87B}" = rport=139 | protocol=6 | dir=out | app=system |
"{80529EC0-77B0-493A-BE26-CFC078783A5D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8ED8FA9F-BE7D-4A72-B8A6-EA180023B206}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2513332-9C1B-460D-BD0C-1B094B369FE2}" = rport=445 | protocol=6 | dir=out | app=system |
"{B06A19E6-BF2F-4DF3-9411-DD4F1335BF93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2200EFC-DC61-4477-899A-2F8A4132F58B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7F3DA22-5729-45E3-88A1-734843141F82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E03314DA-B476-40FC-AAAE-C7AD9AD482EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{E1261B5C-A294-46EB-87C8-373455389D92}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124F29BE-078B-4BF4-BCBF-844B745A2227}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{130C917A-C300-4C9A-914A-B81EC2489829}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{2538C667-6724-48BD-9FC6-0030A61EE26C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B036B52-512B-41AE-B259-84994FA6DBB8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2C2D0B77-6D92-490C-8BCF-43728BE421E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3045F5BB-320A-4B13-9038-C190498E65EB}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{31E9A4CE-6CC9-45C1-8B95-BAE14C0B4642}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3206954B-EB5C-485D-902D-5502E90B5F52}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{35113B23-8D9A-418D-8DCF-8925199991B1}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{4401B2FE-F3D0-451C-99E0-43C05D7DF6F7}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{49E7C65E-6B52-4F1A-ABF4-BCE027275ECF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{51688B2F-D005-4730-83ED-4E401561BB73}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5ECB5E49-AD74-4C01-9AE7-36704ED80D34}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{6AC2BE6D-C85E-41F7-A8B3-3E27EAFA2E35}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6AE50F53-9904-4112-B0BA-1393421175DA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6C203B62-7A00-4F98-AE42-CBE349111E60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C358823-09F9-4E0B-8D7B-1B8569BA381A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6CAACFB8-40B9-453E-94D3-9517AAC6FEA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79410BEF-A1FB-4628-B063-3A069F0463BC}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{7A631DF6-64AE-465C-BA99-95EF36A7E2C8}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{8275DA59-C648-4B25-9B6C-8511DE5E780B}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{8380C441-F4A3-4357-A13A-7CBF4E2FF24C}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{85D75BC6-C4E4-406F-A713-0F22E1DD6D01}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{8D8EDE60-F036-4B3D-93D1-67C2B43B9F2A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9B25DF26-A70E-469E-9089-9DFC9FFE9649}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9CEBC1CF-FD09-4DCD-8DFA-02808335EC44}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{A891A725-FCF3-41B1-8089-B99B89DA4471}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{AA7E51A5-88E2-41DB-A3B1-854555364140}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AFC1C27F-8F44-4AA6-97B2-75FCA6BDBF38}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{B1DE6543-6BBE-4A41-8F0F-69DFDE0C7475}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6345513-26EC-41D4-9B9E-DB45FF70230F}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B94A622C-1AD7-40F1-810A-6C9F5E63385A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BEAD42D9-041B-4DBD-97F8-3EC0B57DF6DB}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C06455C9-42DE-4DDC-9423-C6A2AD0B71B2}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{D160D460-C4DE-450B-A91D-B124A0149FED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D26AB9D1-DA7D-4DFE-B9E2-7C0458AEEFE8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D620787F-2ADE-42B9-8871-F742DB241306}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{F43EE34C-2A2A-459B-A48C-C587C0DD3FE3}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4162E4B4-DB62-4719-9921-A59B2671C1CB}" = Nero Recode 11
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup & Recovery™ 10 Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5F58EF0F-3E92-49B9-A315-872C65F30F05}" = PHOTOfunSTUDIO 8.1 PE
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop 2008
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8491AD-D0D2-4B51-AA4A-A8B67795A553}" = Nero Burning ROM 11
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8C856AD-63CD-4613-AA29-E6C85607EA06}" = Nokia Software Launcher
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.014
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E89BAE75-3446-43BA-B180-7F11692A9778}" = nero.prerequisites.msi
"{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}" = Nero 11
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F89E5AD8-AE47-49B5-B9F9-C498791E6255}" = Nokia NSeries Music Manager
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection

AAV 6.0.00.08
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"BabylonToolbar" = Babylon toolbar on IE
"FLV_Runner Toolbar" = FLV Runner Toolbar
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GridVista" = Acer GridVista
"HCS-WIN" = HCS-WIN
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"I Want This" = I Want This
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Searchqu Toolbar" = Searchqu Toolbar
"SmartTRAK" = SmartTRAK
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"Win-Vermieter 3" = Win-Vermieter 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Creator" = FoxTab PDF Creator

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.03.2013 13:40:26 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6864200

Error - 17.03.2013 13:40:28 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.03.2013 13:40:28 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6867008

Error - 17.03.2013 13:40:28 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6867008

Error - 17.03.2013 13:40:30 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.03.2013 13:40:30 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6868755

Error - 17.03.2013 13:40:30 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6868755

Error - 17.03.2013 13:40:34 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.03.2013 13:40:34 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6872203

Error - 17.03.2013 13:40:34 | Computer Name = Manuela | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6872203

[ Media Center Events ]
Error - 08.06.2011 06:51:05 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 26.07.2011 11:08:35 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 24.12.2011 09:11:28 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 24.12.2011 09:23:52 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 31.05.2012 06:04:59 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 03.06.2012 07:10:45 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 03.06.2012 07:22:07 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 27.07.2012 11:13:25 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 27.07.2012 11:13:42 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 27.07.2012 11:14:15 | Computer Name = Manuela | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ System Events ]
Error - 15.03.2013 08:25:20 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000
Description =

Error - 15.03.2013 12:50:15 | Computer Name = Manuela | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.03.2013 um 17:48:42 unerwartet heruntergefahren.

Error - 15.03.2013 12:50:47 | Computer Name = Manuela | Source = Service Control Manager | ID = 7009
Description =

Error - 15.03.2013 12:50:47 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000
Description =

Error - 15.03.2013 13:05:15 | Computer Name = Manuela | Source = DCOM | ID = 10005
Description =

Error - 15.03.2013 13:05:15 | Computer Name = Manuela | Source = Service Control Manager | ID = 7009
Description =

Error - 15.03.2013 13:05:15 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000
Description =

Error - 15.03.2013 13:12:51 | Computer Name = Manuela | Source = Service Control Manager | ID = 7043
Description =

Error - 15.03.2013 13:15:20 | Computer Name = Manuela | Source = Service Control Manager | ID = 7009
Description =

Error - 15.03.2013 13:15:20 | Computer Name = Manuela | Source = Service Control Manager | ID = 7000
Description =


< End of report >



Könnt ihr uns bitte helfen??

Liebe Grüße
Manuela

Alt 18.03.2013, 12:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HEUR:Exploit.Java.CVE-2012-1723.gen - Standard

HEUR:Exploit.Java.CVE-2012-1723.gen



Hallo und

Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall RegistryBooster.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
zu deinstallieren.



Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Antwort

Themen zu HEUR:Exploit.Java.CVE-2012-1723.gen
babylontoolbar, bandoo, bho, bonjour, entfernen, error, excel, failed, firefox, flash player, helper, heur, home, install.exe, kaspersky, launch, logfile, office 2007, plug-in, popup, prozess, realtek, registry, rojaner gefunden, rundll, scan, software, svchost.exe, tastatur, trojaner, vista




Ähnliche Themen: HEUR:Exploit.Java.CVE-2012-1723.gen


  1. HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 26.10.2013 (13)
  2. HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 26.10.2013 (12)
  3. Kaspersky Internet Security meldet Fund: HEUR:Exploit.Java.CVE-2012-1723.gen
    Log-Analyse und Auswertung - 15.10.2013 (13)
  4. Kaspersky - HEUR:Exploit.Java.CVE-2012-1723.gen
    Log-Analyse und Auswertung - 21.09.2013 (3)
  5. Kaspersky findet 2 trojanische Programme (Windows 7): HEUR:Exploit.Java.CVE-2012-1723.gen und Exploit.Java.CVE-2012-1723.nh
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (14)
  6. Stress mit "HEUR:Exploit.Java.CVE-2012-1723.gen"
    Log-Analyse und Auswertung - 24.06.2013 (23)
  7. Kaspersky - gefunden: HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (5)
  8. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen in c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\34\ gefunden
    Log-Analyse und Auswertung - 30.05.2013 (7)
  9. Kaspersky erkennt HEUR:Exploit.Java.CVE-2012-0507/1723.gen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2013 (3)
  10. Heur:Exploit.java.cve-2012-1723.gen entfernen
    Plagegeister aller Art und deren Bekämpfung - 11.04.2013 (46)
  11. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt
    Log-Analyse und Auswertung - 09.04.2013 (18)
  12. Trojaner: "HEUR:Exploit.Java.CVE-2012-1723.gen" in c:\documents and settings\ela\appdata\local\temp\jar_cache8475908429309578927.tmp
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (6)
  13. Trojaner gefunden: HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (3)
  14. Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic
    Log-Analyse und Auswertung - 26.01.2013 (24)
  15. HEUR:Exploit.Java.CVE-2012-1723.gen in c:/documents and settings/.../appdata/locallow/sun/java/deployment/cache/6.0/1/3935ec1-7693a783
    Plagegeister aller Art und deren Bekämpfung - 14.12.2012 (2)
  16. HEUR:Exploit.Java.CVE-2012-4681.gen" sowie mehrfach Exploit.Java.CVE-2012-0507.ou mit kaspersky gefunden in C:Dokumente und Einstellungen ge
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (11)
  17. HEUR:Exploit.Java.CVE-2012-1723.gen
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (15)

Zum Thema HEUR:Exploit.Java.CVE-2012-1723.gen - Hallo und Hilfe, unser Kaspersky Anti-Virus 2013 hat folgende 2 Trojaner gefunden: HEUR:Exploit.Java.CVE-2012-1723.gen Object: C:\Documents and Settings\Manuela\...ocal\Temp\jar_cache1975677933599031230.tmp HEUR:Exploit.Java.CVE-2012-1723.gen Object: C.\Documents and Settings\Manuela\A...va\Deployment\cache\6.0\61\20f6e3d-2808c67a Hier OTL.txt + Extras.txt aus Schritt 2: OTL - HEUR:Exploit.Java.CVE-2012-1723.gen...
Archiv
Du betrachtest: HEUR:Exploit.Java.CVE-2012-1723.gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.