Pests of all kinds and how to fight them: Skypevirus, is that you?... Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
26.05.2013, 22:16 | #1 |
| Skypevirus, is that you?... Hello dear forum users, I wasn't paying attention for a moment and, for the first time in my life, opened a file unknown to me; it came via Skype: "this is a very nice photo of you hxxp://fur.ly/9jnk?foto=iaa001 " After that the ~worm sent itself, as usual, to all my contacts. I of course let them know right away, then googled and finally followed the SemperVideo video (yes, I know, YouTube videos as a source and so on..). hxxp://www.youtube.com/watch?v=2UiU0WESg-Q The PC was restarted several times, and Skype too. Skype deleted and reinstalled. My antivirus program (Avira) also found something and destroyed it. However, I would like a bit more certainty. Thanks already for your time and help! Joe |
26.05.2013, 22:33 | #2 |
/// TB trainer | Skypevirus, is that you?... Hi,
I have somehow already read this problem description, partly word for word.. Probably here: http://www.trojaner-board.de/135320-skypevirus.html Is that just a big coincidence, or is there a reason for the new thread..? |
26.05.2013, 23:03 | #3 |
| Skypevirus, is that you?... There is, since I am more or less affected too, and an analysis should be tailored to each person, right?
Here are the results of the scans: OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/26/2013 11:23:34 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johannes\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 67.77% Memory free 8.00 Gb Paging File | 6.50 Gb Available in Paging File | 81.30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 209.50 Gb Free Space | 44.99% Space Free | Partition Type: NTFS Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/26 23:22:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe PRC - [2013/05/06 13:43:05 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/04/09 16:44:05 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2013/03/28 10:43:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/03/28 10:42:53 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/02/29 13:09:28 | 000,105,472 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHdaSvc.exe PRC - [2012/02/22 20:55:48 | 000,885,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe PRC - [2011/10/19 16:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2010/09/16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2006/12/26 17:08:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013/05/18 23:18:35 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013/05/18 23:18:23 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/18 23:18:17 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013/05/18 23:18:08 | 003,347,968 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/04/09 16:44:05 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2013/01/09 18:58:09 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/09 18:57:46 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/09 18:57:39 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/09 18:57:25 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/02/23 12:56:38 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\de-DE\SBRnPCIe.resources.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 
MOD - [2011/05/24 23:41:58 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/09/16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010/09/16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe MOD - [2006/12/26 17:08:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe ========== Services (SafeList) ========== SRV:64bit: - [2011/04/20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/03/28 10:43:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/03/28 10:42:53 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/12/10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/05/29 14:26:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service) SRV - [2012/05/23 13:03:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012/05/23 13:02:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012/02/29 13:09:28 | 000,105,472 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc) SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011/10/19 16:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/03/28 10:43:03 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/03/28 10:43:03 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/03/28 10:43:03 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/29 13:15:40 | 000,023,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtHDb.sys -- (CTHDB) DRV:64bit: - [2012/02/29 13:15:18 | 001,271,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthda.sys -- (cthda) DRV:64bit: - [2011/08/19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011/08/19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011/05/25 00:04:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/05/25 00:04:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/05/25 00:01:25 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2011/05/25 00:01:25 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2011/05/25 00:01:18 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2011/05/25 00:01:18 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2011/04/20 04:44:48 | 009,319,936 | ---- | M] (ATI 
Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/04/20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/03/21 21:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/07 11:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011/03/07 11:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/12/08 20:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2010/12/08 20:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010/09/02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010/08/16 12:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/07/08 15:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/09 11:14:52 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3) DRV:64bit: - [2010/02/04 03:54:00 | 000,054,272 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_xp64.sys -- (fspad_xp64) DRV:64bit: - [2010/02/04 03:54:00 | 000,054,272 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64) DRV:64bit: - [2009/11/16 07:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) DRV:64bit: - [2009/11/16 07:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1) DRV:64bit: - [2009/11/06 14:42:06 | 000,293,416 | ---- | 
M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/09/02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009/06/17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009/06/17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2009/06/17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/03 14:57:04 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009/06/03 00:58:24 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA) DRV:64bit: - [2009/05/07 08:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:64bit: - [2009/05/07 08:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 DE 7B 45 8E 55 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Johannes\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\windows\Syswow64\CMICNFG3.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Sound Blaster Recon3D PCIe Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe (Creative Technology Ltd) O4 - HKLM..\Run: [tvjbmonitor] C:\Program Files (x86)\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe () O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Johannes\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - 
C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B18ABAB4-76D1-40F6-96A7-814658E55D03}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{635ef25a-b915-11e1-a5f0-001999a8c6ef}\Shell - "" = AutoRun
O33 - MountPoints2\{635ef25a-b915-11e1-a5f0-001999a8c6ef}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/26 23:22:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2013/05/20 21:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/20 21:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/20 21:28:19 | 030,670,440 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Johannes\Desktop\SkypeSetupFull107.exe
[2013/05/19 10:44:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Verschiedenes
[2013/05/15 13:28:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\paar filme
[2013/05/15 11:07:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\ipad pics
[2013/05/15 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Apple Computer
[2013/05/15 11:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/15 10:59:52 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2013/05/15 10:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/15 10:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/15 10:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/15 10:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/15 10:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/05/15 10:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/05/15 10:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/05/06 13:43:47 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013/04/29 17:43:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\TV Jukebox
[2013/04/29 17:42:13 | 000,028,672 | ---- | C] (afa) -- C:\windows\SysNative\AF15BDAEX.dll
[2013/04/29 17:42:08 | 000,151,552 | ---- | C] (Meta Media Inc.) -- C:\windows\SysWow64\MPEG2VideoDMO.dll
[2013/04/29 17:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Jukebox 3.5
[2013/04/29 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MMEDIA
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/26 23:22:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2013/05/26 23:21:41 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\defogger_reenable
[2013/05/26 23:21:15 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2013/05/26 22:32:58 | 000,016,768 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 22:32:58 | 000,016,768 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 22:30:28 | 001,507,500 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/26 22:30:28 | 000,659,582 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/05/26 22:30:28 | 000,619,532 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/26 22:30:28 | 000,131,732 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/05/26 22:30:28 | 000,107,852 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/05/26 22:25:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/26 22:25:40 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs
[2013/05/26 22:25:30 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/24 12:40:01 | 000,000,940 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-166632366-344039373-2301395732-1000UA.job
[2013/05/23 18:40:00 | 000,000,918 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-166632366-344039373-2301395732-1000Core.job
[2013/05/20 21:29:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/20 21:28:39 | 030,670,440 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Johannes\Desktop\SkypeSetupFull107.exe
[2013/05/19 10:07:57 | 000,441,368 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/14 17:20:44 | 000,004,015 | ---- | M] () -- C:\Users\Johannes\.recently-used.xbel
[2013/05/06 13:43:18 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/26 23:21:41 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\defogger_reenable
[2013/05/26 23:21:15 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2013/05/20 21:29:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/14 17:20:44 | 000,004,015 | ---- | C] () -- C:\Users\Johannes\.recently-used.xbel
[2013/04/29 17:42:13 | 000,000,140 | ---- | C] () -- C:\windows\SysNative\af15irtbl.bin
[2013/02/20 16:50:25 | 000,000,048 | ---- | C] () -- C:\Users\Johannes\.gtk-bookmarks
[2012/05/14 09:06:59 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\VmixP6.dll
[2012/05/14 09:06:49 | 000,000,881 | ---- | C] () -- C:\windows\Cmicnfg3.ini.cfl
[2012/05/14 09:06:05 | 000,002,123 | ---- | C] () -- C:\windows\Cmicnfg3.ini.cfg
[2012/05/14 09:06:05 | 000,001,583 | ---- | C] () -- C:\windows\Cmicnfg3.ini.imi
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/08/19 11:26:20 | 010,898,456 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2011/08/19 11:26:20 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2011/08/19 11:26:20 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/07/27 00:26:17 | 000,000,286 | ---- | C] () -- C:\windows\game.ini
[2011/07/25 17:56:53 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2011/07/20 23:17:22 | 000,017,408 | ---- | C] () -- C:\Users\Johannes\AppData\Local\WebpageIcons.db
[2011/07/06 16:33:20 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011/07/06 16:28:46 | 001,530,720 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/28 20:44:26 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/06 00:13:27 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Pro
[2013/05/22 18:49:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dropbox
[2012/09/27 11:02:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012/09/26 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/05/14 17:20:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0
[2011/12/08 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\ICQ
[2011/07/12 14:17:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Leadertech
[2011/07/21 00:24:16 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\LolClient
[2012/09/26 14:47:32 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2011/07/12 14:38:31 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Opera
[2012/07/16 18:54:35 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\thriXXX
[2012/12/12 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TS3Client
[2012/09/26 14:48:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TuneUp Software
[2012/05/22 12:28:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft
[2013/04/09 01:44:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\www.rene-zeidler.de

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 5/26/2013 11:23:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 67.77% Memory free
8.00 Gb Paging File | 6.50 Gb Available in Paging File | 81.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 209.50 Gb Free Space | 44.99% Space Free | Partition Type: NTFS

Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E9D20F2-89AF-458A-8BCB-15F6C7711649}" = lport=1688 | protocol=6 | dir=in | svc=sppsvc | app=%systemroot%\system32\sppsvc.exe |
"{146F4DD8-7559-4B68-9AE4-176BAFBD9EA9}" = lport=5357 | protocol=6 | dir=in | app=system |
"{151E08C2-CECF-4751-A5BC-3364FAEBEA10}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{18FF81FA-ED70-4800-AB57-E5D8485EC72D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19B91ED3-69F9-46E7-907E-4D8D4EFE2CB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1CA1C597-8797-45FD-9D9A-D56B18C09DA8}" = lport=56311 | protocol=17 | dir=in | name=pando media booster |
"{1D07F665-76EB-4A8F-A321-0B9AF9692BA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1D9F1343-03DF-4F1F-8EA4-47B6EFD7F81A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20843637-28E4-4E13-8E59-8B78D9330A59}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{277CA234-9800-4DF6-BE79-4953029D6CA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{308C48C6-97A5-4A1E-89BC-5D629752E762}" = rport=137 | protocol=17 | dir=out | app=system |
"{3B2BC0DA-469E-4B27-89A4-BE45CEC2BAD6}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E654F8F-148A-4821-97AC-B44F0D22A834}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45DE20BB-0BCB-4601-8133-D9863FD9C2F0}" = lport=57694 | protocol=17 | dir=in | name=pando media booster |
"{46B56C2E-EF1E-4EA9-8D20-8B50D1AA5909}" = lport=5358 | protocol=6 | dir=in | app=system |
"{4AA8CCED-C48C-4362-9813-A54AE8BADEC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{50BE8582-0C52-4729-9BE2-C8E6C327E5BB}" = lport=137 | protocol=17 | dir=in | app=system |
"{59FD0450-80BF-46F1-9FF9-DF5DA12D54A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{640E0DE6-58D4-4F5D-B469-268787465A08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{66E9869A-34A2-4F77-9CA5-24979AD0594A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A6E77E6-BE8B-4D81-B7B9-350F388EFBDB}" = lport=56311 | protocol=6 | dir=in | name=pando media booster |
"{6D1C3C0C-5A32-4810-9433-D7953E9DC378}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71F825CC-C783-4C78-9997-E3CA1A3B3E88}" = rport=139 | protocol=6 | dir=out | app=system |
"{77B9D42E-A016-4EB6-B086-912C9B6BD7ED}" = lport=56311 | protocol=17 | dir=in | name=pando media booster |
"{78651257-E0BD-4F0F-84EB-2E56F1B334F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C283E2D-3FF2-48EF-8CC9-3836AB5C9230}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{862DF44B-DA98-4E14-AA84-B429468DC8E7}" = lport=57694 | protocol=6 | dir=in | name=pando media booster |
"{89E1403C-FFE9-438D-AA6C-F4B819FB98A5}" = rport=5357 | protocol=6 | dir=out | app=system |
"{8DE193E7-B9A2-47B5-92DE-DF127E5C8292}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EFB3F2F-2BB9-46CA-8837-DC8523A9A9DE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{932BDF7B-07CF-4652-B870-2C9FD73D6A5F}" = rport=445 | protocol=6 | dir=out | app=system |
"{9C8DFA05-FE44-46CF-8029-D30445DB0A94}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{A0096BF9-0237-48D9-BD91-F52612A40E16}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A696FC67-D4F7-4AE2-B994-987BCD9160E4}" = lport=57694 | protocol=17 | dir=in | name=pando media booster |
"{AA3FF32B-6725-428F-B8DD-84EEB04A6A8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B19C9166-DF67-4373-B903-1E939C5E5E7F}" = lport=57694 | protocol=6 | dir=in | name=pando media booster |
"{B1A5B835-58C7-4916-953E-E77733BD3C2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBCF4EFE-3906-4C6A-8582-F6A8DDDAA569}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD39BFC4-8635-4AC5-8123-B4A4F7F2C4A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA75EBF4-3847-41A8-90FB-19B227EAD0B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{CBF1F1BB-E920-40D5-A6D3-909FF77224EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF2F6D1C-011F-4DC0-ABCA-C43541BC40A0}" = lport=56311 | protocol=6 | dir=in | name=pando media booster |
"{D13E0A25-FB7A-4215-BDC2-47F061F1EEA3}" = rport=5358 | protocol=6 | dir=out | app=system |
"{DBCB4F22-B81D-4E20-9072-32A4D2F24090}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE040E89-3889-47E8-B5A2-BC4ECDDF64D2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{FBA5485B-E8F0-40A9-943C-9D5C76A8B12D}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE37B54C-587F-4F5E-BA0D-DF55C8B26307}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09430173-B16F-4BE8-BCB4-1B1AB661EBA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09976B02-B953-46FA-B349-9EEFD150B3FB}" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"{0B3817BF-12ED-4145-8A6B-8DFDA740F07E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{0EF99271-356A-4FFE-A9CD-7D0BC130CA98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |
"{0F9A85D3-5078-49AC-8385-2AF85CBD87A6}" = protocol=6 | dir=in | app=d:\alicesetup.exe |
"{108F05E9-4490-400C-97AB-1675D1FC9B48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{124038C7-F069-4558-A63D-A94B54D7D248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of juarez - the cartel\coj_thecartel.exe |
"{1871AC01-E340-48FF-9CEB-AB54BD64394C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{1B6E8FBA-159B-406E-9985-61162229B858}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{1D433CFF-BC08-4B8E-8A01-2F0678D2C19F}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{2ADBFD26-38EA-4A4F-8BB8-A7AED00FCC34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FE9F2E1-D950-47C9-8EBD-532CC5794FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{3366A890-5291-4139-A1F5-60E4BC234BC4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{33E90E1A-1998-4585-A10F-2E06A04793C2}" = protocol=6 | dir=out | app=system |
"{34F2A309-B891-446C-AC6A-067BB704D514}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |
"{35C1FE3F-AB1D-4B8D-9BE6-74E465A80DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{35D67C7F-8752-4B0C-8668-0FD2387A9C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3E18066A-A7B7-458B-98C9-E813195E613E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{3F71B6F2-84AF-40DC-874B-1EAFCB909129}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{4022F6CC-E3D8-4923-AB7C-E38BB6763B5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe |
"{406C0A10-4EF2-4194-B237-6DF1A7A08BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\counter-strike source\hl2.exe |
"{4099E88D-81FB-40DA-9566-3F48D663C295}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\day of defeat source\hl2.exe |
"{41A9A0B0-9ED1-4EC0-88DB-9176402BC81C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{432653A8-3DFE-4A85-A5DD-38425D1C8270}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{440CF669-39CE-4FAC-BBDB-B2CCF4D5B8D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{45819E5E-E3A6-4979-B614-5869A1C94A73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of juarez - the cartel\coj_thecartel.exe |
"{4B60837B-FE3B-4189-B036-446AE3B018A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{4C80E694-3CE8-4E7A-8E27-5AA500F68C49}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{4D02A5FE-ECBB-4665-95DB-7E75B92E9479}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4D58FAEC-15AE-4ACC-ABDB-CADF160CB983}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4D864935-31D9-4E36-8AD5-1A6CF78F4D6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe |
"{4E96F502-D2F3-4909-9DCD-40081A200D31}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{50DA729A-F15B-4965-B9F8-031A22D47A2C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{518FF1E8-F368-4FC1-90DC-BD799A3BB4A6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{539A8129-649B-4D19-AA5D-A75178A55F2F}" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"{554921E5-27B4-4401-835F-D1CA7896F7FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{576E92AC-F1AF-44EB-A7BC-A61DED12B165}" = protocol=17 | dir=in | app=d:\alicesetup.exe |
"{57C5B376-07BD-41F2-975A-27633CF773E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\counter-strike source\hl2.exe |
"{585F5835-1210-4F92-936A-D42408662904}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{5A62A45E-CB63-4C68-B11C-BBBC7703B8C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EE215A3-9358-4940-B850-C5CEA9296B87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe |
"{61F47F9F-7F08-4FD2-A3B1-8C98C18014DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe |
"{62FE1537-4753-4B97-9DD2-E91597F97BEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{645DF050-3BCA-4CB1-9024-F079AE353169}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{658454C6-98D7-4449-A928-5416DDD7298E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B037C13-715C-4697-A8EC-1E7D34D3FABD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6C5DE45D-3F3F-449C-A24A-DDEC42413772}" = protocol=17 | dir=in | app=c:\users\johannes\desktop\games\prototype\prototypef.exe |
"{6DBCAEB3-050D-4CE5-8D59-CD95EFFB68A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe |
"{6EA4DD64-49EF-45CC-A3E7-20C455DBEF23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe |
"{710A0E9A-B0E2-43B4-8AE0-308BBBF0D39B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7435A8DC-D952-4B07-8D3D-33AFA995D86E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{76168F80-C6D1-426D-A856-5D0DB012EF5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{76CF508C-63CC-4185-8DCB-D7A134CB1D9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\counter-strike source\hl2.exe |
"{786055BA-20BF-4044-9D21-A822181C61A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C038F69-BF5C-40AB-9350-704E01C9D085}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C76140E-59D9-4750-85A1-BB2AF07295FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7D5A6193-B90C-4C04-BCF0-CA6C9B379CE8}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{7E7E1AC2-BA86-49E8-BD72-C4AA81135EB6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8019F3AC-CF69-4B7B-AD64-668A395DAB22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8028F177-7E49-4DD5-A561-2C22DCCEDE21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{81742748-8D6A-4B12-A18D-B36A479023F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed 2\swtfu2.exe |
"{821B7280-5269-4ED7-81B6-9095EC790726}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{82C752F7-3C96-41F6-A069-4B6C3C622735}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{8305289F-8A1D-49D8-B7AE-AA38DF095460}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{840551C3-AE1D-45A7-994F-8AF6CF61A82C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8839CD24-F813-4803-A292-8FF6337403D1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9090935B-FC2F-4BD6-AED7-EDB85E8692D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\counter-strike source\hl2.exe |
"{92D36936-1494-485D-BD6B-5D53F23D0A12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93E8FBB8-039C-4579-A50F-03D087964F04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{945FF9DC-7845-4118-9046-D3EDCAE6B7C4}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{9A02FDD6-1E34-44D6-B3FC-461E7EB844B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{9DE9C871-2024-453E-B963-72F8BFD320E8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A297E167-9993-4C5C-BFA0-CF3B4E6293F4}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{A5A4B6D4-E010-44CA-9C18-8BA3A45C63CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe |
"{A8374ABD-ECE7-4575-B8CC-06D7DAE6A42F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\day of defeat source\hl2.exe |
"{A85D43B0-82D5-4BE3-A676-FBCC8F893DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{A879837D-3190-4C89-95EA-7CE6CBBD52F1}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{AE6D895E-7D4C-4993-B292-83DE9C2CF9F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{B3541116-EBB5-4C64-8805-60E71A5AAB1D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B51CADD6-7DEB-42CB-A44A-D306ADE4975D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BCB8B59C-8806-4C15-818D-200A30657DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{BCC9F552-EC81-493B-8A2C-57D8141ECD7B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C4B89966-9435-4E47-A68A-C09020EBB059}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{C5FCEFF6-3F1E-4EEB-937D-DA6E575BF9AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{C614E1A9-FDFC-4BE0-88CB-56A8475A9EB0}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{C8F58954-D5CA-4163-8559-297270FB53C7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CC767DAD-C536-4747-B30B-CD8A906F4D6C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{CF9C1DEB-8D8D-4740-A227-C7287452B281}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D059CBDA-0353-4FFB-B55E-BDF0B8628A72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4338F73-98EB-4858-A6B2-DE9FD6DB6767}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{D780F61B-04E0-46D9-8D9B-E32689CEEA98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed 2\swtfu2.exe |
"{D88E69EB-38BA-4B5F-87C5-2A7A2F596E71}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{D8A431B2-64D0-485D-B624-179C3B104C99}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{DACA393F-4893-4F83-BA93-1F1CFC5BF9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{DB58900C-8DB3-40D1-B908-E8150F42BA70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{DE3851DB-A429-48C5-9E8D-383AABB25686}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{DECBB79A-2740-4F44-9F21-DAE6472096F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E13B42D5-EBC3-4370-BA6D-1C961637E8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe |
"{E22940D5-54E5-420F-BF81-FE7372DD82CB}" = protocol=6 | dir=in | app=c:\users\johannes\desktop\games\prototype\prototypef.exe |
"{E49CD3EB-790B-4306-8802-3E70BE8926B9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E529338D-580B-4169-AB77-3CB689EF4498}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{E677AD28-4816-40AF-8042-A9ACD88148E4}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{E765C487-F13E-4CF7-B81B-33B8497710BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E8ADD863-0EC3-471F-ACD4-4D6D09672309}" = protocol=58 | dir=in | app=system |
"{F1B3644D-678D-483F-9CB7-5D864CFF9C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F212275F-5817-494E-B477-CBD05B5115CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F9FD3076-2F77-44AA-867A-E3CBA0DD26F2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{FBD11485-AB40-4CFC-B513-BCE58BA2B4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{FE91BFF3-E853-4D44-AA91-8A040EB254D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{0B8F5B15-9F25-4524-93BA-5972DE2273B4}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"TCP Query User{10652D54-16DC-440D-83ED-8049188FC3FF}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query 
User{1251C4E8-0E50-4641-B198-81C2900BEF1F}G:\mediathek\games\lan\medal of honour - allied assault\mohaa.exe" = protocol=6 | dir=in | app=g:\mediathek\games\lan\medal of honour - allied assault\mohaa.exe | "TCP Query User{20E92810-E5B8-4B29-BF4D-9A1D9254ECE2}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{4CD7F97D-775E-4DE3-B0DE-7DE3B1D6E4E7}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{5385EF5B-4FC4-4838-B565-ECBDAD7D7AD8}G:\mediathek\games\lan\age of empires ii - cheater version\age2_x1.exe" = protocol=6 | dir=in | app=g:\mediathek\games\lan\age of empires ii - cheater version\age2_x1.exe | "TCP Query User{6163E92F-38A0-47F4-BB23-94D4F6A3ABA2}C:\users\johannes\desktop\games\age of empires ii - cheater version\empires2.exe" = protocol=6 | dir=in | app=c:\users\johannes\desktop\games\age of empires ii - cheater version\empires2.exe | "TCP Query User{772625D3-D7F2-4B2C-967D-686AD40C627F}C:\users\johannes\desktop\games\age of empires ii - cheater version\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\johannes\desktop\games\age of empires ii - cheater version\age2_x1.exe | "TCP Query User{77D7C890-26D4-472D-86DC-C99C9B3625ED}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "TCP Query User{893B3C62-FCEC-4C3C-93D6-A0AC34423308}C:\program files (x86)\steam\steamapps\jointie90\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\team fortress 2\hl2.exe | "TCP Query User{A6E4C3F8-A165-4045-99D0-E36FBE8346B4}C:\program files (x86)\steam\steamapps\jointie90\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{DDDA30B8-7C1F-4715-9F55-41F0F79745A8}C:\program files (x86)\steam\steamapps\jointie90\counterstrike source beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\counterstrike source beta\hl2.exe | "TCP Query User{F79857D4-5B3F-45B1-9469-48A0D718E760}C:\users\johannes\desktop\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\johannes\desktop\games\counter-strike source\hl2.exe | "UDP Query User{0D7C4BE7-2E57-4EE1-AEDB-1ADDFE1669A9}C:\users\johannes\desktop\games\age of empires ii - cheater version\empires2.exe" = protocol=17 | dir=in | app=c:\users\johannes\desktop\games\age of empires ii - cheater version\empires2.exe | "UDP Query User{1138805B-F661-4A6F-8E67-012C8EDC9A15}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3ABD0685-2CCA-4ADC-AD33-C1F075250AFA}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | "UDP Query User{3AC245D2-94C0-4173-96DE-286E4D2A1322}G:\mediathek\games\lan\age of empires ii - cheater version\age2_x1.exe" = protocol=17 | dir=in | app=g:\mediathek\games\lan\age of empires ii - cheater version\age2_x1.exe | "UDP Query User{58716A88-29E5-4464-9520-9E5924FF27A3}C:\users\johannes\desktop\games\age of empires ii - cheater version\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\johannes\desktop\games\age of empires ii - cheater version\age2_x1.exe | "UDP Query User{5A1535DB-BC92-4D88-9C47-5370F5675480}C:\program files (x86)\steam\steamapps\jointie90\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\half-life 2 deathmatch\hl2.exe | "UDP Query User{5FE78FE0-BF31-411F-9CB6-34FCF151E255}C:\users\johannes\desktop\games\counter-strike source\hl2.exe" = protocol=17 | 
dir=in | app=c:\users\johannes\desktop\games\counter-strike source\hl2.exe | "UDP Query User{74CC0E16-23C0-4240-9868-ADF99D35CF88}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "UDP Query User{7D6CE1D5-F134-4BD3-990F-C4D0F03E69B6}C:\program files (x86)\steam\steamapps\jointie90\counterstrike source beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\counterstrike source beta\hl2.exe | "UDP Query User{97C16D54-B8C1-4337-9FBB-30FE17953BFA}C:\program files (x86)\steam\steamapps\jointie90\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jointie90\team fortress 2\hl2.exe | "UDP Query User{A234AFA2-9866-4027-8C92-3D748C5A942B}G:\mediathek\games\lan\medal of honour - allied assault\mohaa.exe" = protocol=17 | dir=in | app=g:\mediathek\games\lan\medal of honour - allied assault\mohaa.exe | "UDP Query User{A88B40F4-5080-4E46-B0E0-093E4E2E70DA}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{B2A9A75C-792C-4462-B7C5-3E07491C00A5}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "C-Media PCI Audio Driver" = Trust 5.1 Soundcard 14319 "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{204FCF73-1450-407D-BCF9-1233EC5F5787}" = Sound Blaster Recon3D PCIe Extras "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" 
= Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) 
"{936B67BE-1EB4-4D98-815A-EA1E75FFED2F}" = Counter-Strike Source Final 07102004 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F380C602-98E8-49AB-8C3F-8A73BACA45DD}" = Sound Blaster Recon3D PCIe "{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.5 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic 
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "DivX Setup.divx.com" = DivX-Setup "Dolby Digital Live Pack" = Dolby Digital Live Pack "FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Grand Theft Auto" = Grand Theft Auto "InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "Logitech Vid" = Logitech Vid HD "LogMeIn Hamachi" = LogMeIn Hamachi "Music Server" = Creative Music Server "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.15.1748" = Opera 12.15 "Picasa 3" = Picasa 3 "Steam App 105430" = Age of Empires Online "Steam App 17410" = Mirror's Edge "Steam App 240" = Counter-Strike: Source "Steam App 260" = Counter-Strike: Source Beta "Steam App 300" = Day of Defeat: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 32500" = Star Wars: The Force Unleashed II "Steam App 33220" = Tom Clancy's Splinter Cell: Conviction "Steam App 33420" = Call of Juarez: The Cartel "Steam App 33440" = Driver San Francisco "Steam App 340" = Half-Life 2: Lost Coast "Steam App 34830" = Sniper: Ghost Warrior "Steam App 36620" = Forsaken World "Steam App 40800" = Super Meat Boy "Steam App 440" = Team Fortress 2 "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components) "VLC media player" = VLC media player 1.1.11 
"WaveStudio 7" = Creative WaveStudio 7 "WinGimp-2.0_is1" = GIMP 2.6.11 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/10/2012 6:45:33 PM | Computer Name = Johannes-PC | Source = Application Hang | ID = 1002 Description = Programm FacebookMessenger.exe, Version 2.1.4651.17928 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1260 Startzeit: 01cdd6e526983b8a Endzeit: 40 Anwendungspfad: C:\Users\Johannes\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe Berichts-ID: Error - 12/21/2012 6:45:49 AM | Computer Name = Johannes-PC | Source = VSS | ID = 13 Description = Error - 12/21/2012 6:45:49 AM | Computer Name = Johannes-PC | Source = VSS | ID = 8193 Description = Error - 12/21/2012 6:45:49 AM | Computer Name = Johannes-PC | Source = VSS | ID = 13 Description = Error - 12/21/2012 6:45:49 AM | Computer Name = Johannes-PC | Source = VSS | ID = 8193 Description = Error - 1/8/2013 10:52:25 AM | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: steam.exe, Version: 1.0.1595.686, Zeitstempel: 0x50b7ef0d Name des fehlerhaften Moduls: crashhandler.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50d2249f Ausnahmecode: 0xc0000005 Fehleroffset: 0x71e720f4 ID des fehlerhaften Prozesses: 0x1284 Startzeit der fehlerhaften Anwendung: 0x01cdedafb1e244fd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steam.exe Pfad des fehlerhaften Moduls: crashhandler.dll Berichtskennung: 03294fb0-59a3-11e2-afe5-001999a8c6ef Error - 1/8/2013 10:52:51 AM | Computer Name = Johannes-PC | Source = Application Error 
| ID = 1000 Description = Name der fehlerhaften Anwendung: steam.exe, Version: 1.0.1595.686, Zeitstempel: 0x50b7ef0d Name des fehlerhaften Moduls: crashhandler.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50d2249f Ausnahmecode: 0xc0000005 Fehleroffset: 0x71e41167 ID des fehlerhaften Prozesses: 0x1284 Startzeit der fehlerhaften Anwendung: 0x01cdedafb1e244fd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steam.exe Pfad des fehlerhaften Moduls: crashhandler.dll Berichtskennung: 12fbaeef-59a3-11e2-afe5-001999a8c6ef Error - 1/8/2013 10:54:33 AM | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dtpd.exe, Version: 0.0.0.0, Zeitstempel: 0x4c7f525b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x6a0 Startzeit der fehlerhaften Anwendung: 0x01cdedad66b4866a Pfad der fehlerhaften Anwendung: C:\Program Files\ShrewSoft\VPN Client\dtpd.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 4f79023e-59a3-11e2-afe5-001999a8c6ef Error - 1/8/2013 10:54:34 AM | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iked.exe, Version: 0.0.0.0, Zeitstempel: 0x4c9fc835 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x6f0 Startzeit der fehlerhaften Anwendung: 0x01cdedad66bc75bd Pfad der fehlerhaften Anwendung: C:\Program Files\ShrewSoft\VPN Client\iked.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 50213cd7-59a3-11e2-afe5-001999a8c6ef Error - 3/25/2013 6:33:33 AM | Computer Name = Johannes-PC | Source = BugSplat | ID = 1 Description = [ Cisco AnyConnect VPN Client Events ] Error - 1/7/2013 3:56:50 PM | Computer Name = 
Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 4:13:02 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 4:13:07 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 4:14:13 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 4:14:18 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 10:35:27 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 
(0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 10:35:32 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 10:44:16 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 10:44:21 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 1/8/2013 10:51:04 AM | Computer Name = Johannes-PC | Source = vpnagent | ID = 67110873 Description = Termination reason code 7: The agent has been stopped. 
[ System Events ]
Error - 5/22/2013 12:52:42 AM | Computer Name = Johannes-PC | Source = DCOM | ID = 10010
Description =

Error - 5/22/2013 4:44:11 AM | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt

Error - 5/22/2013 12:21:47 PM | Computer Name = Johannes-PC | Source = BROWSER | ID = 8032
Description =

Error - 5/22/2013 12:45:42 PM | Computer Name = Johannes-PC | Source = bowser | ID = 8003
Description =

Error - 5/24/2013 5:30:54 AM | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst UMVPFSrv erreicht.

Error - 5/24/2013 9:53:52 AM | Computer Name = Johannes-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.113 registriert werden. Der Computer mit IP-Adresse 192.168.2.138 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 5/24/2013 12:51:47 PM | Computer Name = Johannes-PC | Source = DCOM | ID = 10010
Description =

Error - 5/25/2013 1:44:22 PM | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt

Error - 5/25/2013 2:11:55 PM | Computer Name = Johannes-PC | Source = DCOM | ID = 10010
Description =

Error - 5/26/2013 4:25:54 PM | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: vflt

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 23:55:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500413AS rev.JC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Johannes\AppData\Local\Temp\axddrkow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031bf000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff800031bf042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[824] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000762387b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[824] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[824] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4780] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4780] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[1596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[1596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Johannes\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 2.1 ----
26.05.2013, 23:23 | #4 | |
/// TB-Ausbilder | Skype virus, is that you?... Since that is obviously a different computer.. Moving on: So far there is nothing left to see. How is the computer running? Do you still notice problems, or is everything running normally? Quote:
On that: Step 1 Fix with OTL
Code:
ATTFilter :commands [emptytemp]
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
In your next reply, please post:
__________________ cheers, Leo |
27.05.2013, 12:18 | #5 |
| Skype virus, is that you?... First of all, thank you so much! =) Here are the results: PS: ESET took 2.5 h. Can that be right? Otherwise the PC is running quite smoothly, but I just wanted to be sure after everything you hear =) Johannes OTL Code:
ATTFilter All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Johannes ->Temp folder emptied: 1667597834 bytes ->Temporary Internet Files folder emptied: 140724776 bytes ->Java cache emptied: 574 bytes ->Opera cache emptied: 48745935 bytes ->Flash cache emptied: 108152 bytes User: Löffl User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1619120 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 740539695 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2,479.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05272013_100938 Files\Folders moved on Reboot... C:\Users\Johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.27.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Johannes :: JOHANNES-PC [Administrator] 27.05.2013 10:18:57 mbam-log-2013-05-27 (10-18-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 229573 Laufzeit: 3 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a2e9869d5584c24295c1a73e9db4eca6 # engine=13923 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-27 11:06:48 # local_time=2013-05-27 01:06:48 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 52387 235076098 3754 0 # compatibility_mode=5893 16776573 100 94 10499 121282658 0 0 # scanned=428958 # found=0 # cleaned=0 # scan_time=9410 Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.3.300.257 Flash Player out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Exportierte Ereignisse: 24.05.2013 18:47 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern 24.05.2013 18:47 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern 24.05.2013 18:46 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern 22.05.2013 18:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern 22.05.2013 18:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern 22.05.2013 18:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern 22.05.2013 18:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern 21.05.2013 17:42 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Roaming\A174.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.96256.74' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '419918e5.qua' verschoben! 
21.05.2013 17:42 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Roaming\ACFB.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.96256.74' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '593d3750.qua' verschoben! 21.05.2013 17:42 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Roaming\99C7.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.96256.74' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '13ca4205.qua' verschoben! 21.05.2013 17:42 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Roaming\Lwzkzv.exe' enthielt einen Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '33b220bf.qua' verschoben! 21.05.2013 17:42 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Local\Opera\Opera\temporary_downloads\fotos896-lol.zi p' enthielt einen Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '762c0d89.qua' verschoben! 20.05.2013 21:51 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Roaming\B8AF.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d5ded27.qua' verschoben! 20.05.2013 21:48 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Johannes\AppData\Roaming\B8AF.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.05.2013 21:48 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Johannes\AppData\Roaming\B8AF.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner |
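As an added example (not part of the original thread, and not code from Avira or the helper): a short Python triage of the Avira event export in the post above, grouping detections by file and separating files that were moved to quarantine from files for which the log only records blocked access. The regular expression is an assumption derived from the lines as they appear on this page, and the sample is an excerpt of that log.

```python
import re
from collections import defaultdict

# Excerpt of the Avira event export posted above (five events, one per line).
SAMPLE = r"""24.05.2013 18:47 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern
22.05.2013 18:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor] gefunden. Ausgeführte Aktion: Zugriff verweigern
21.05.2013 17:42 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Roaming\Lwzkzv.exe' enthielt einen Virus oder unerwünschtes Programm 'BDS/Ruskill.uxo.1' [backdoor]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '33b220bf.qua' verschoben!
20.05.2013 21:51 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johannes\AppData\Roaming\B8AF.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d5ded27.qua' verschoben!
20.05.2013 21:48 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Johannes\AppData\Roaming\B8AF.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
"""

# Assumed event layout: timestamp, [scanner], file path, detection name,
# [category], then the action text up to the next timestamp or end of input.
EVENT = re.compile(
    r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[(Echtzeit-Scanner|System-Scanner)\] "
    r"Malware gefunden\s+(?:In der|Die) Datei '([^']+)'.*?Programm '([^']+)' \[(\w+)\]"
    r".*?(?:Ausgeführte Aktion|Durchgeführte Aktion\(en\)): "
    r"(.*?)(?=\s*\d{2}\.\d{2}\.\d{4} \d{2}:\d{2} \[|\Z)",
    re.S,
)

def parse_events(text):
    """Return one dict per event found in the exported text."""
    keys = ("time", "scanner", "path", "detection", "kind", "action")
    return [dict(zip(keys, (field.strip() for field in m))) for m in EVENT.findall(text)]

def triage(events):
    """Group events by file; 'quarantined' only if some event moved the file."""
    by_path = defaultdict(list)
    for event in events:
        by_path[event["path"]].append(event)
    report = {}
    for path, evs in by_path.items():
        moved = any("Quarantäneverzeichnis" in e["action"] for e in evs)
        report[path] = {
            "detections": sorted({e["detection"] for e in evs}),
            "events": len(evs),
            "status": "quarantined" if moved else "blocked-only",
        }
    return report

def unresolved(report):
    """Paths for which the log shows blocked access but no quarantine move."""
    return sorted(p for p, r in report.items() if r["status"] == "blocked-only")

if __name__ == "__main__":
    for path, info in triage(parse_events(SAMPLE)).items():
        print(f"{info['status']:12} {info['events']}x {info['detections']} {path}")
```

A `blocked-only` result means only that this export contains no quarantine entry for the path; the file itself has to be checked on the drive in question.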
27.05.2013, 13:22 | #6 |
/// TB-Ausbilder | Skype virus, is that you?... Hello Johannes, yes, 2.5 h for the ESET scan is quite normal (rather on the short side, even.. ). It doesn't look as if anything is still active there. Let's clean up. Note: User Account Control disabled I see that User Account Control (UAC) is disabled on your system. Did you deliberately switch it off yourself? From a security perspective, User Account Control should be left switched on, even if it is sometimes a bit tedious. I recommend re-enabling it according to this guide. Step 1 The version of your Adobe PDF Reader is outdated; we need to update it:
Step 2 Your Flash Player is outdated. Install the current version as follows:
Then use this plugin check to verify whether all the versions you use are now up to date, and update them otherwise. Cleanup Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are also important and should be carried out in the order given.
>> OK << We are done; your logs look clean to me at the moment. Below I have put together a few notes and tips intended to help ensure that you will not need our help again in the future. Afterwards, please give me brief feedback if there are no more problems or open questions on your side either, so that I can consider this topic resolved. Epilogue: Tips, Dos & Don'ts Keeping system and software up to date The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
Installed software should also always be the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
Security software A remark up front: every software solution has its weaknesses. Handing over the entire responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not recognise an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain. Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which two useful add-ons can be recommended:
(Un)safe behaviour on the Internet Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves. Even visiting shady websites can carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that does not have to mean anything.
Attempts are also often made to get the user, by more or less crafty methods, to carry out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along the way by the user themselves.
General notes Finally, a few basic remarks:
If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.
__________________ |
27.05.2013, 13:50 | #7 |
| Skype virus, is that you?... Right, all done. - Adobe PDF Reader and Flash Player reinstalled. - User Account Control enabled - Ran DelFix With that I think everything is fine. The PC is purring along perfectly! I thank you, LEO, as much as I possibly can. Really great job that you all do there. If you're ever near Stuttgart I'll buy you a beer/coffee xD Johannes |
27.05.2013, 13:54 | #8 |
/// TB-Ausbilder | Skype virus, is that you?... Thanks for the feedback, Johannes. Glad we were able to help. If you would like to give the forum suggestions for improvement, criticism or praise, you can do so here. This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need the topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |