Log Analysis and Evaluation: Yontoo Malware? iReview and TopicTorch

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for help. Keep in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.06.2013, 11:27 | #1
Yontoo Malware? iReview and TopicTorch

Hello TB team,

First of all, many thanks for your commitment and, in advance, for your support.

For some time now, unwanted advertising has been appearing on my homepage www.jump-backtorock.de in a frame at the bottom and one at the side. Bottom: iReview, side: Topic Torch. I built the homepage with "Jimdo" (paid, ad-free). I was and still am not sure whether the malware comes from Jimdo; I asked Jimdo, and the answer was: not from Jimdo.

I have Kaspersky Internet Security V12.0.0374 (the current scan says clean apart from spam, no trojan); see the report in the attachment. Web browser: Firefox, up to date. At the moment I have set a filter in Adblock Plus, and with it the two ad banners no longer appear on my Windows Vista PC. Of course they are still annoyingly visible to the visitors of my website. I uploaded the filter as a jpg made with the Snipping Tool for information: "edge skript".

Also for information: besides the main Windows Vista PC I have an iPhone, an iPad and a MacBook Pro with Safari as browser. I don't know where the trojan sits, but I assume it is this Vista machine. I am now carrying out all the preliminary steps and will post them here afterwards. I have not found Yontoo itself on my computer. In the last few days I cleaned up my computer (unnecessary programs) and scanned and cleaned it with AdwCleaner; I still have the logs for that. See the reports in the attachment.

Many thanks for now.
Regards, Horst
09.06.2013, 11:31 | #2
/// Malware-holic | Yontoo Malware? iReview and TopicTorch

Hi,
does the advertising also show up on other PCs that you use to visit your site?
09.06.2013, 12:02 | #3
Yontoo Malware? iReview and TopicTorch

OTL logfile:

Code:
OTL logfile created on: 09.06.2013 12:33:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HR\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 36,18% Memory free
6,21 Gb Paging File | 3,67 Gb Available in Paging File | 59,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 60,92 Gb Free Space | 26,59% Space Free | Partition Type: NTFS
Drive D: | 228,83 Gb Total Space | 201,06 Gb Free Space | 87,86% Space Free | Partition Type: NTFS
Drive K: | 931,28 Gb Total Space | 517,20 Gb Free Space | 55,54% Space Free | Partition Type: FAT32

Computer Name: HR-PC | User Name: HR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.09 12:32:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HR\Desktop\OTL.exe
PRC - [2013.06.02 13:53:13 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\HR\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.)
-- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2009.02.19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.02.19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\KHAL2\KHALMNPR.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.07.13 22:24:16 | 000,178,280 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\PMVService.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.21 18:33:22 | 000,204,908 | ---- | M] () -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe PRC - [2007.06.21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2007.06.20 10:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.15 16:48:04 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007.06.15 16:48:02 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ========== Modules (No Company Name) ========== MOD - [2013.05.16 19:42:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.05.16 17:42:28 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\HR\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.15 15:32:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll MOD - [2013.02.15 15:32:44 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll MOD - [2013.01.10 20:23:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013.01.10 18:38:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 18:38:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.10 18:37:36 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 18:36:26 | 007,977,984 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 18:36:20 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\HR\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.08.03 00:59:53 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2764.39489__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.08.03 00:59:53 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2764.39690__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2008.08.03 00:59:53 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2764.39718__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2008.08.03 00:59:53 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2764.39446__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.08.03 00:59:53 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2764.39503__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.08.03 00:59:53 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2764.39709__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.08.03 00:59:53 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2764.39668__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.08.03 00:59:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2764.39480__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.08.03 00:59:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2764.39502__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2008.08.03 00:59:53 | 000,032,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2764.39601__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.08.03 00:59:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2764.39466__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.08.03 00:59:52 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2764.39745__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.08.03 00:59:40 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2764.39676__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:40 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2764.39752__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:40 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2764.39682__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.08.03 00:59:40 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2764.39459__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2764.39675__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.08.03 00:59:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2764.39738__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.08.03 00:59:39 | 000,897,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2764.39711__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:39 | 000,790,528 
| ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2764.39611__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:39 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2764.39516__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:39 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2764.39467__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:39 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2764.39789__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:39 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2764.39695__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.08.03 00:59:39 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2764.39509__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:39 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2764.39634__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2764.39788__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2008.08.03 00:59:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2764.39609__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.08.03 00:59:39 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2764.39521__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.08.03 00:59:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2764.39633__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.08.03 00:59:38 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2764.39669__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:38 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2764.39603__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:38 | 000,327,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2764.39595__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.08.03 00:59:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2764.39601__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.08.03 00:59:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2764.39609__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.08.03 00:59:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2764.39654__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.08.03 00:59:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.08.03 00:59:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.08.03 00:59:38 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.08.03 00:59:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.08.03 00:59:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.08.03 00:59:38 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.08.03 00:59:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2729.30255__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2008.08.03 00:59:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2008.08.03 00:59:37 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.08.03 00:59:37 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.08.03 00:59:37 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.08.03 00:59:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.08.03 00:59:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.08.03 00:59:37 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.08.03 00:59:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.08.03 00:59:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.08.03 00:59:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.08.03 00:59:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2729.30262__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.08.03 00:59:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.08.03 00:59:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.08.03 00:59:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.08.03 00:59:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.08.03 00:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.08.03 00:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll MOD - [2008.08.03 00:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll MOD - 
[2008.08.03 00:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.08.03 00:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.08.03 00:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.08.03 00:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.08.03 00:59:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,028,672 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.08.03 00:59:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.08.03 00:59:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.08.03 00:59:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.08.03 00:59:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.08.03 00:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2764.39723_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.08.03 00:59:33 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2764.39475__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.08.03 00:59:33 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2764.39723__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.08.03 
00:59:33 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2764.39730__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.08.03 00:59:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2764.39729__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.08.03 00:59:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.08.03 00:59:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2764.39776__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.08.03 00:59:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.08.03 00:59:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.08.03 00:59:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.08.03 00:59:33 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2764.39436__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.08.03 00:59:32 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2764.39454__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.08.03 00:59:32 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2764.39438__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.08.03 00:59:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2764.39438__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.08.03 00:59:32 | 000,045,056 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2764.39437__90ba9c70f846762e\APM.Server.dll MOD - [2008.08.03 00:59:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2764.39436__90ba9c70f846762e\AEM.Server.dll MOD - [2008.08.03 00:59:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.08.03 00:59:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.08.03 00:59:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2764.39730__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.08.03 00:59:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.08.03 00:59:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.08.03 00:59:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.07.27 23:26:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.06.21 18:33:22 | 000,204,908 | ---- | M] () -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe MOD - [2007.06.15 16:48:02 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe MOD - [2007.06.15 16:47:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll MOD - [2007.06.15 16:15:48 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | 
M] () -- C:\Windows\System32\BatchCrypto.dll MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll MOD - [2007.04.16 18:48:20 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll MOD - [2007.04.16 18:48:18 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll MOD - [2007.04.16 18:47:42 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll MOD - [2007.04.16 18:47:40 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll MOD - [2007.04.16 18:47:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll MOD - [2007.04.16 18:47:34 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll MOD - [2007.04.16 18:47:32 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ========== Services (SafeList) ========== SRV - [2013.06.02 13:53:13 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2013.05.15 22:22:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype 
Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.08.10 17:50:11 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.06.02 13:44:49 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.01.05 01:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.01.20 23:19:13 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2008.12.18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2008.12.18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.12.18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.12.18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2007.08.31 15:24:26 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2007.07.27 23:36:38 | 002,929,664 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {a060276a-53be-45ec-8ebe-b94b1e803179} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = Plasmoo IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3DE8263B-D0B9-4459-8E1A-B6E0172FBC3F}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{FA8DF709-19E4-4074-B545-FB63B080E5DB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.jump-backtorock.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: c:\Program Files\Autodesk\Autodesk Design Review Firefox Add-on v1.1\npADRdwf.dll (Autodesk) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013.06.02 14:13:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013.06.02 14:13:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013.06.02 14:13:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.02 23:53:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.09 10:01:51 | 000,000,000 | ---D | M] [2013.06.09 09:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HR\AppData\Roaming\mozilla\Extensions [2011.10.30 15:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HR\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2009.10.17 19:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HR\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2013.06.09 10:21:41 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\HR\AppData\Roaming\mozilla\Firefox\Profiles\j876emph.default\extensions [2011.10.30 15:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HR\AppData\Roaming\mozilla\Sunbird\Profiles\qzh0egz7.default\extensions [2013.06.09 10:21:41 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\HR\AppData\Roaming\mozilla\firefox\profiles\j876emph.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.18 12:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.18 12:21:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.05.18 12:21:23 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2013.05.18 12:21:23 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013.05.18 12:21:23 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013.05.18 12:21:24 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013.06.09 10:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.09 10:11:27 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Programme\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\HR\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\HR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\HR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\HR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O8 - Extra context menu item: Auswahl speichern - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Bild ausschneiden - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\HR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not found O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\HR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Neue Notiz - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found O8 - Extra context menu item: URL notieren - C:\Program 
Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45B15D75-DA08-4DA1-8796-26636E534D00}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EC30AB3-31EA-47F5-A3C0-9F0DD80C1E57}: DhcpNameServer = 10.111.81.129 10.129.32.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\HR\Dropbox\JUMP Homepage Bilder\DPP_0078_2sepia für flyer.jpg O24 - Desktop BackupWallPaper: C:\Users\HR\Dropbox\JUMP Homepage Bilder\DPP_0078_2sepia für flyer.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.12.20 22:55:44 | 000,000,076 | ---- | M] () - K:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2008.05.05 14:14:18 | 000,000,025 | ---- | M] () - K:\AUTORUN.FCB -- [ FAT32 ] O33 - MountPoints2\{4896fbd1-8fbd-11dd-822f-0019154e6a65}\Shell\Auto\command - "" = K:\BootIO.exe O33 - MountPoints2\{4896fbd1-8fbd-11dd-822f-0019154e6a65}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\BootIO.exe O33 - MountPoints2\{54873af1-e0e8-11de-9004-d5b38e310540}\Shell\AutoRun\command - "" = K:\Menu.exe O33 - MountPoints2\{6d123514-ef13-11de-8ee4-b2cca38b74b0}\Shell\AutoRun\command - "" = K:\Menu.exe O33 - MountPoints2\{bd248be5-ebe5-11de-9501-d02e66a21396}\Shell\AutoRun\command - "" = M:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 12:32:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HR\Desktop\OTL.exe [2013.06.04 23:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.06.04 23:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.02 13:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2013.06.02 13:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.06.02 13:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2013.06.02 13:44:49 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2013.05.31 12:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2013.05.18 13:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.18 13:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.18 13:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.18 13:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.05.18 12:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Users\HR\Desktop\*.tmp files -> C:\Users\HR\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 12:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9E4DAC0-39CB-490B-9F0F-E247EFF8FD37}.job [2013.06.09 12:32:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HR\Desktop\OTL.exe [2013.06.09 12:30:08 | 000,000,000 | ---- | M] () -- C:\Users\HR\defogger_reenable [2013.06.09 12:28:55 | 000,050,477 | ---- | M] () -- C:\Users\HR\Desktop\Defogger.exe [2013.06.09 12:24:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.09 12:03:00 | 
000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.09 11:17:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 11:17:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 10:11:30 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.09 09:55:51 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.06.09 07:30:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.09 07:17:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.08 02:30:10 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - HR.job [2013.06.05 00:42:01 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.06.03 00:02:47 | 000,000,987 | ---- | M] () -- C:\Users\HR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.03 00:02:37 | 000,000,949 | ---- | M] () -- C:\Users\HR\Desktop\Dropbox.lnk [2013.06.02 14:13:09 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2013.06.02 14:13:09 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2013.06.02 13:44:49 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2013.05.31 12:08:42 | 000,017,408 | ---- | M] () -- C:\Users\HR\AppData\Local\WebpageIcons.db [2013.05.31 11:31:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.31 11:31:42 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.31 11:31:42 | 000,013,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.31 11:31:42 | 000,007,364 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.20 10:07:22 | 000,000,601 | ---- | M] () -- 
C:\Users\HR\Desktop\JUMP Public.lnk [2013.05.18 13:20:33 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.16 17:37:55 | 000,540,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.14 20:44:33 | 000,050,646 | ---- | M] () -- C:\Users\HR\Documents\Let it be -The Beatles.pdf [1 C:\Users\HR\Desktop\*.tmp files -> C:\Users\HR\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 12:30:08 | 000,000,000 | ---- | C] () -- C:\Users\HR\defogger_reenable [2013.06.09 12:28:53 | 000,050,477 | ---- | C] () -- C:\Users\HR\Desktop\Defogger.exe [2013.06.09 10:11:30 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.06.09 10:11:30 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.02 13:48:54 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2013.06.02 13:48:54 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2013.05.31 12:08:41 | 000,017,408 | ---- | C] () -- C:\Users\HR\AppData\Local\WebpageIcons.db [2013.05.20 10:07:22 | 000,000,601 | ---- | C] () -- C:\Users\HR\Desktop\JUMP Public.lnk [2013.05.18 13:20:33 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.14 20:44:32 | 000,050,646 | ---- | C] () -- C:\Users\HR\Documents\Let it be -The Beatles.pdf [2013.04.13 14:47:01 | 000,001,302 | ---- | C] () -- C:\Users\HR\AppData\Local\recently-used.xbel [2012.12.31 15:58:05 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv5 [2012.11.01 21:15:04 | 000,023,728 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_X32.sys [2011.11.24 18:34:17 | 000,000,000 | ---- | C] () -- C:\Users\HR\AppData\Local\{16C2AB91-494E-4ACF-B05C-1C45FEFF3820} [2009.05.12 13:18:08 | 000,000,760 | ---- | C] () -- C:\Users\HR\AppData\Roaming\setup_ldm.iss [2008.10.15 20:49:19 | 000,000,216 | ---- | C] () -- C:\Users\HR\AppData\Roaming\wklnhst.dat [2008.10.03 12:27:45 | 000,000,074 | ---- 
| C] () -- C:\Users\HR\AppData\Roaming\default.pls [2008.10.03 10:33:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.08.12 19:20:31 | 000,001,024 | ---- | C] () -- C:\Users\HR\.rnd [2008.08.10 14:49:33 | 000,089,600 | ---- | C] () -- C:\Users\HR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.03 00:56:35 | 000,007,484 | ---- | C] () -- C:\Users\HR\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.10.19 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\ACD Systems [2011.12.01 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Audacity [2010.04.02 15:03:06 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Autodesk [2008.09.28 18:29:26 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Citrix [2013.06.08 16:58:01 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Dropbox [2013.06.02 18:03:56 | 000,000,000 | ---D | M] -- 
C:\Users\HR\AppData\Roaming\DVDVideoSoft [2011.02.13 15:12:58 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\EPSON [2010.01.09 12:50:41 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\ICAClient [2013.04.25 01:39:41 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\inkscape [2009.05.12 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Leadertech [2012.02.09 19:49:07 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\LimeWire [2012.05.08 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Moyea [2012.05.21 17:28:56 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\PreSonus [2012.05.02 18:44:22 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Serif [2009.11.01 16:23:54 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Sony [2011.05.23 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\TC-Helicon [2008.10.15 20:49:20 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Template [2012.05.08 12:03:15 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\tiger-k [2013.06.02 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\HR\AppData\Roaming\Tobit ========== Purity Check ========== < End of report >

Regards, Horst

OTL EXTRAS Logfile:

OTL Extras logfile created on: 09.06.2013 12:33:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HR\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 36,18% Memory free 6,21 Gb Paging File | 3,67 Gb Available in Paging File | 59,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,13 Gb Total Space | 60,92 Gb Free Space | 26,59% Space Free | Partition Type: NTFS Drive D: | 228,83 Gb Total Space | 201,06 Gb Free Space | 87,86% Space Free | Partition Type: NTFS Drive K: | 931,28 Gb Total Space | 517,20 Gb Free Space | 55,54% Space Free | Partition Type: FAT32 Computer Name: HR-PC | User Name: HR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\HR\AppData\Roaming\File Scout\filescout.exe" /open "%1" Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.) Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] 
"AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E76A620-7AC0-47B8-B2FE-3EBAFD7379CC}" = rport=10243 | protocol=6 | dir=out | app=system | "{11EFEB59-5D85-424E-8D09-5601D86947E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{15144236-4D4F-47F5-80F4-4F1A052BDBBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{16273290-02A4-4BC4-85E6-56CC962FE2E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1B727298-B73E-4036-9FD7-6A4D19479DBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1FFDF251-7AE8-4BA5-B5C4-ECD13CF32845}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{26BE5954-8EF0-4B5A-9740-842740BCBF5F}" = rport=10244 | protocol=6 | dir=out | app=system | "{2764BAE1-4348-452E-8598-C811A346A9D9}" = lport=2869 | protocol=6 | dir=in | app=system | "{2B3CFEE8-F16B-4B9A-BEBD-2FCBE568C23C}" = lport=10243 | 
protocol=6 | dir=in | app=system | "{31061F60-8F04-49B1-9DEE-A95CFEC62BA5}" = lport=10244 | protocol=6 | dir=in | app=system | "{407C0249-2FCB-4B78-A4EB-BD9D973866BF}" = lport=2869 | protocol=6 | dir=in | app=system | "{4859A94D-6035-4C35-9DB3-36084BC7BFA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{538AD6A1-FDD6-4477-A129-2B6E7C9EE88B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{6F834680-4CA4-44C1-BB0B-48E21034E3D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72590037-AE5D-45C5-A3F9-32D6B1782384}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{7308B7E4-267C-44EB-A6D7-799EAAC29054}" = lport=2869 | protocol=6 | dir=in | app=system | "{8C9BC0A4-51CC-4BEA-8CED-58184414A6FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8FB1EBC5-B7F2-403B-AC0E-2D5FFEDAA3B9}" = rport=2869 | protocol=6 | dir=out | app=system | "{912F473C-63E1-4815-9832-6545D565EDA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{96B654A3-2951-42CE-8D80-82BF95351E0A}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{983C4A4C-F3F2-4098-9B63-BF52CA52B6FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9AE811BE-0C2E-4E49-A51E-B77693A47E92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{A250EEC0-87EA-4841-A38C-85B6BFD614D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A5753201-87E9-4D69-B14A-402D65D46ED1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B684250C-F10D-4A1F-AE4E-509F79241BE2}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{C49A9CD9-FCC3-427C-8256-20E13D5CD402}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv 
| app=%systemroot%\system32\svchost.exe | "{E04B631C-38EB-4345-8B21-608E398C369D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E24ED52C-8F7E-41C5-9C7D-A6372E93AF8F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E97FADCF-248A-4ED8-AD3A-BFFE3E9E58D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE1612F6-E1E2-47AB-A4A1-E667D70A0C64}" = lport=3390 | protocol=6 | dir=in | app=system | "{EE48B676-E888-4059-8F64-FA240DE6D714}" = lport=50090 | protocol=6 | dir=in | name=akamai netsession interface | "{FE3A7482-106B-4AD0-A782-2A1F0C60FFD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{074E7AD0-5D83-412F-A155-894E64FE1937}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{08686E27-C5FD-433E-ABF7-890FD5ED00DD}" = protocol=6 | dir=out | app=system | "{1207894C-5373-47AA-8C29-2BF76BF09935}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{18FC8F95-EEFD-4F1B-B907-BDD1139D8EAE}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | "{1B407090-8E8E-451A-95B8-91A9450EDD7D}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{2186D19C-CA21-47C0-BDE3-C2D491032176}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2C4CDDD6-9A24-43BA-862E-7DA5A55B638B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{303A2D65-8AE4-4906-96ED-9A650F9F111F}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{3396D328-F4A9-4811-9D92-1E1FFA47FDD6}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | "{351C75CF-F9D0-4E1D-A995-8E7A510D09D6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{38EDDE8C-1AC5-412E-AAA2-3E338A50126F}" = protocol=17 | dir=in | app=c:\users\hr\appdata\local\akamai\netsession_win.exe | "{3C21B26D-A2B9-4CAE-B5BB-384A43DD4F58}" = protocol=6 | dir=in | app=c:\users\hr\appdata\roaming\dropbox\bin\dropbox.exe | "{4369BDEA-CE70-4378-8BBF-17891F157355}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{443B0950-42E3-4968-9863-AE6B1AB97CB0}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{46AA7E42-BBD4-4AFF-BFD6-F6056AFD6163}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | "{6964C785-FF76-4188-9DF1-E7C9E55D1C19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6A10E3A2-BCC5-492F-AADF-4C4ABC2CE00B}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | "{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{7C4A687E-33FC-445A-9942-B17548B95348}" = dir=in | app=c:\program files\itunes\itunes.exe | "{7CEC1B72-E2C5-4FAB-947F-5A4C6B6FF4F2}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | "{801E4601-BA1E-4DF7-A13F-F17E98AF8B15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{803FC0A8-2A90-4493-82A9-7B8B23D1B0D3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8098D277-D914-4AD4-91F1-38985C573D7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{80ADA5C6-97B1-4E00-BA60-A418AEFCA1C5}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | "{8D67FB08-524C-41A2-820D-DDC09CAC1462}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{94E2554E-2EE9-4F79-B704-0DFDDFDB36A9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{9A1087BF-B956-4236-9F74-9A15D8325EA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9A9070AA-4086-4FFE-9BAC-83BAFAB6678C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9EC7B4D3-446C-4C04-9B23-0982B3E93A23}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{A27A8399-E956-49AC-8532-A9D553F446E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AFD0293B-4B8D-4A21-AE5F-4001C927BC73}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | "{B24D5E1A-EFD3-48D2-B175-1AFB3FF0C5B2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B9E9EB39-164A-4E62-97D8-6997820CEA1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | "{C55B55A3-860B-4C90-A57B-4106F814AAAD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C8C6C3AC-A014-4115-86A1-85B669A31D6B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CD6897DD-E5F1-44E2-A77A-5368E4F88B76}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | "{CE332C9B-876B-4D15-B614-CE13CA444096}" = protocol=6 | dir=in | 
app=c:\users\hr\appdata\local\akamai\netsession_win.exe | "{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | "{D25C29C2-5B26-455D-AA90-0D424F563040}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{DAAAF756-0FD1-49A7-8B91-8225BF66F392}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | "{E06B4C04-1E12-452B-9C20-B2FB01FC8F86}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{E5FB4FCB-D484-46BF-BF90-766043C3AD5B}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | "{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | "{EA50C69F-0CE1-49FD-BF3B-60D62A206C97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EEC1A5DB-F76C-4CB9-B331-4E0AF97E73AC}" = protocol=17 | dir=in | app=c:\users\hr\appdata\roaming\dropbox\bin\dropbox.exe | "{F35FFAAB-B4E3-461F-880D-F1B970A88472}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FA86AB1A-A6D3-4138-B05C-1A51A1F06E58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{837F93A6-5C04-477C-A34D-120722D743E4}C:\users\hr\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hr\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{B4671AD8-C79F-4D2A-BF2A-F8DBEE05A48D}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | "TCP Query User{B7DDE5D5-3FAA-4BD0-A498-596F847E3B50}C:\users\hr\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hr\appdata\local\akamai\netsession_win.exe | "UDP Query 
User{442C7FD1-D4A2-4CE6-8DF8-77630D14A229}C:\users\hr\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hr\appdata\local\akamai\netsession_win.exe | "UDP Query User{B10CEEFA-B5B7-4C05-9DCA-C9120AC99068}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | "UDP Query User{BC439B3E-0C9A-4A62-8E78-489A35CE1B89}C:\users\hr\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hr\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01934700-6281-1A4B-8EA8-30C35A261636}" = CCC Help French "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0B04CBF8-F165-CE14-8104-E4897445CBC2}" = CCC Help Dutch "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{1355EDEA-47AF-C760-F679-EF573C74746A}" = Catalyst Control Center Core Implementation "{13B8311B-4B73-E6D2-EEC2-2AC52EEF1CDD}" = Catalyst Control Center Graphics Previews Vista "{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{197A0218-F4A7-59A5-1BEE-F4D681DDD1E7}" = Catalyst Control Center Graphics Full New "{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22FA3E58-DB68-A4D1-2DEE-07E876C64D53}" = Skins "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{2921832E-6B73-4B7C-AB09-8189B677A5F7}_is1" = 
Vyzor VoiceLive "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2D269FD4-2164-EA98-771D-EE14F8D46013}" = CCC Help Danish "{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CDDFF57-4026-96AB-CED3-CC5A08A405E8}" = Catalyst Control Center Localization Japanese "{4DD0182F-1F08-C6BE-3C3A-68B4CB455F50}" = Catalyst Control Center Localization Norwegian "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011 "{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2 "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6146B9DC-C33D-11E2-BDE1-984BE15F174E}" = Evernote v. 4.6.6 "{622D4708-E468-615A-5F54-C2BCDEBC1A23}" = CCC Help Swedish "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669A37FF-A446-46F9-8AAE-EEC1988A2ADF}" = Autodesk Design Review Firefox Add-on v1.1 "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 
4.7 "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BA3A2B0-3E1E-EA79-EC7D-52A61BB51AE1}" = Catalyst Control Center Localization Italian "{75A40056-A32E-1852-4ADC-F795E1446FEF}" = Catalyst Control Center Graphics Light "{766A7BA9-2A3F-C4D2-CD59-080D8252D700}" = CCC Help Norwegian "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7C8E4518-0FF0-6320-7DF6-A9A590D67D52}" = ccc-core-static "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98076F38-8493-0AF7-41C4-6172F8D1F410}" = ccc-utility "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D85C211-0955-C770-0F73-316D0C5F0B9B}" = CCC Help Italian 
"{9DCFC564-606E-424F-8A1C-56DD14908AF6}" = Serif PhotoPlus X2 "{A38496BA-B038-5BCF-04DC-73A88FB10CA0}" = CCC Help Finnish "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie "{A51E4CE7-395C-DCBE-428E-38D061009C59}" = Catalyst Control Center Localization Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B22094E7-117B-5D18-3A0A-C811937113AD}" = Catalyst Control Center Localization Danish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C182D467-6F0A-418A-8B38-788F376F7502}" = Windows-Migrationsassistent "{C216A256-CEDD-54F4-C4ED-1F0AA41EE920}" = CCC Help German "{C2AC4582-FDA5-29A9-1C61-97631871A871}" = Catalyst Control Center Localization Swedish "{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}" = ACDSee for PENTAX 3.0 "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C80ABB8D-63D0-6DF1-820A-EF7F2C778EB7}" = CCC Help Spanish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D3261A3E-9B08-AE79-A3FB-80179A585A5D}" = Catalyst Control Center Graphics Full Existing "{D3E8C04E-E5B9-3A71-6A64-E774F90B1895}" = Catalyst Control Center Localization German "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DD555562-299E-C58A-847B-B6C05957A65E}" = Catalyst Control Center Localization Finnish "{DF2ECCA9-22C9-640D-0E5E-F5651EB3742C}" = CCC Help English "{DF8849AF-F8B8-7466-BA31-7C8F755B0E69}" = Catalyst 
Control Center Localization Dutch "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E8D4696B-0140-033C-C170-A2FA601DC425}" = Catalyst Control Center Localization French "{EBA74808-BCCB-C8D5-B119-A96E9C5D45D6}" = CCC Help Japanese "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Autodesk Design Review 2011" = Autodesk Design Review 2011 "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "DWG TrueView 2011" = DWG TrueView 2011 "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Stylus Photo RX585_RX610 Benutzerhandbuch" = EPSON Stylus Photo RX585_RX610 Handbuch "FoxyTunesForFirefox" = FoxyTunes for Firefox "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "PreSonus Capture" = PreSonus Capture "PreSonus Studio One 2" = PreSonus Studio One 2 "PreSonus Universal Control_is1" = PreSonus Universal Control 1.6 "TC-Helicon VoiceSupport_is1" = VoiceSupport 1.2.01 "Visitenkarten-Druckerei 11_is1" = DATA BECKER Visitenkarten-Druckerei 11 "VLC media player" = VLC media player 0.9.2 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.06.2013 07:29:37 | Computer Name = HR-PC | Source = VSS | ID = 8194 Description = Error - 02.06.2013 08:18:48 | Computer Name = HR-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WinMail.exe, Version 6.0.6001.18000, Zeitstempel 0x47918ed8, fehlerhaftes Modul oeas.dll, Version 12.0.0.374, Zeitstempel 0x4db475ec, Ausnahmecode 0xc0000409, Fehleroffset 0x0004e189, Prozess-ID 0x1d94, Anwendungsstartzeit 01ce5f8b23f9f8f7. Error - 02.06.2013 08:19:07 | Computer Name = HR-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WinMail.exe, Version 6.0.6001.18000, Zeitstempel 0x47918ed8, fehlerhaftes Modul oeas.dll, Version 12.0.0.374, Zeitstempel 0x4db475ec, Ausnahmecode 0xc0000409, Fehleroffset 0x0004e189, Prozess-ID 0x1fa8, Anwendungsstartzeit 01ce5f8b5a4c38f7. 
Error - 02.06.2013 08:19:44 | Computer Name = HR-PC | Source = Application Error | ID = 1000
Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module oeas.dll, version 12.0.0.374, time stamp 0x4db475ec, exception code 0xc0000409, fault offset 0x0004e189, process id 0x768, application start time 01ce5f8b69e4d657.

Error - 02.06.2013 10:17:09 | Computer Name = HR-PC | Source = Application Error | ID = 1000
Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module oeas.dll, version 12.0.0.374, time stamp 0x4db475ec, exception code 0xc0000409, fault offset 0x0004e189, process id 0x2478, application start time 01ce5f9b6bc45177.

Error - 02.06.2013 10:18:21 | Computer Name = HR-PC | Source = Application Error | ID = 1000
Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module oeas.dll, version 12.0.0.374, time stamp 0x4db475ec, exception code 0xc0000409, fault offset 0x0004e189, process id 0x2178, application start time 01ce5f9bf449a8b7.

Error - 02.06.2013 10:18:47 | Computer Name = HR-PC | Source = Application Error | ID = 1000
Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module oeas.dll, version 12.0.0.374, time stamp 0x4db475ec, exception code 0xc0000005, fault offset 0x000094de, process id 0xe10, application start time 01ce5f9c11f66657.

Error - 02.06.2013 10:19:41 | Computer Name = HR-PC | Source = Application Error | ID = 1000
Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module oeas.dll, version 12.0.0.374, time stamp 0x4db475ec, exception code 0xc0000409, fault offset 0x0004e189, process id 0x11f8, application start time 01ce5f9c26810947.

Error - 02.06.2013 12:40:20 | Computer Name = HR-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 04.06.2013 18:41:52 | Computer Name = HR-PC | Source = EventSystem | ID = 4621
Description =

[ OSession Events ]
Error - 23.03.2011 13:05:27 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.05.2011 12:51:12 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.05.2011 14:55:51 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.05.2011 14:56:45 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.05.2011 14:59:48 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.06.2011 07:31:51 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.07.2011 07:21:32 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.07.2011 07:33:10 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.12.2011 09:40:39 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.12.2011 09:41:13 | Computer Name = HR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.06.2013 12:48:18 | Computer Name = HR-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 could not configure the IPv6 stack.

Error - 06.06.2013 12:48:18 | Computer Name = HR-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.178.20, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

Error - 07.06.2013 09:19:25 | Computer Name = HR-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.178.20, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

Error - 07.06.2013 10:18:30 | Computer Name = HR-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.178.20, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

Error - 07.06.2013 20:30:05 | Computer Name = HR-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error - 07.06.2013 20:30:08 | Computer Name = HR-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.178.20, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

Error - 08.06.2013 06:33:13 | Computer Name = HR-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error - 08.06.2013 06:33:14 | Computer Name = HR-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.178.20, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

Error - 09.06.2013 01:17:53 | Computer Name = HR-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error - 09.06.2013 01:17:54 | Computer Name = HR-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.178.20, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

< End of report >

Last edited by HorstAlex (09.06.2013 at 12:41) |
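Added example, not part of the thread and not one of the forum's tools: a small triage script for OTL-style event log extracts such as the one posted above. It parses each `Error - <date> | Computer Name = ... | Source = ... | ID = ...` record, and for Event 1000 (Application Error) records pulls out the faulting application, the faulting module with its version, the exception code and the fault offset, then counts how often each combination occurs. A wall of repeated crash records collapses to a couple of signatures, and a repeated identical exception code at the same offset in the same module points to a deterministic fault in that module (whose version a responder would then compare against installed software) rather than to random corruption. The sample records are constructed to mirror the extract (same source, IDs, module and codes, not a verbatim copy); the second one keeps the German field labels on purpose, because the regular expression accepts both the English and the German wording, which is what is needed when logs come from differently localised machines. The exception-code names are the standard NTSTATUS values.

```python
import re
from collections import Counter

# Constructed sample in the OTL "Error - ..." record layout seen in the thread.
# Not a verbatim copy of the posted log: the second record deliberately keeps
# the German labels to show that the parser copes with a German-locale machine.
SAMPLE_LOG = """\
Error - 02.06.2013 08:19:44 | Computer Name = HR-PC | Source = Application Error | ID = 1000 Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module oeas.dll, version 12.0.0.374, time stamp 0x4db475ec, exception code 0xc0000409, fault offset 0x0004e189, process id 0x768, application start time 01ce5f8b69e4d657.
Error - 02.06.2013 10:17:09 | Computer Name = HR-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WinMail.exe, Version 6.0.6001.18000, Zeitstempel 0x47918ed8, fehlerhaftes Modul oeas.dll, Version 12.0.0.374, Zeitstempel 0x4db475ec, Ausnahmecode 0xc0000409, Fehleroffset 0x0004e189, Prozess-ID 0x2478, Anwendungsstartzeit 01ce5f9b6bc45177.
Error - 02.06.2013 10:18:47 | Computer Name = HR-PC | Source = Application Error | ID = 1000 Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module oeas.dll, version 12.0.0.374, time stamp 0x4db475ec, exception code 0xc0000005, fault offset 0x000094de, process id 0xe10, application start time 01ce5f9c11f66657.
Error - 06.06.2013 12:48:18 | Computer Name = HR-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 could not configure the IPv6 stack.
"""

# One OTL record per line:
# "Error - <date time> | Computer Name = X | Source = Y | ID = N Description = ..."
RECORD_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+) Description = (?P<desc>.*)$"
)

# Event 1000 description fields; English or German labels, same field order.
CRASH_RE = re.compile(
    r"(?:faulting application|fehlerhafte anwendung) (?P<app>[^,]+), .*?"
    r"(?:faulting module|fehlerhaftes modul) (?P<module>[^,]+), version (?P<modver>[^,]+), .*?"
    r"(?:exception code|ausnahmecode) (?P<code>0x[0-9a-f]+), "
    r"(?:fault offset|fehleroffset) (?P<offset>0x[0-9a-f]+)",
    re.IGNORECASE,
)

# Well-known NTSTATUS values that show up as exception codes.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN (fail-fast, e.g. /GS cookie check)",
    0xE0434352: "CLR (.NET) exception",
}


def parse_records(text):
    """Return one dict per OTL error record; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def crash_signatures(records):
    """Count Event 1000 crashes per (app, module, module version, exception code, offset)."""
    counts = Counter()
    for rec in records:
        if rec["source"] != "Application Error" or rec["id"] != "1000":
            continue
        c = CRASH_RE.search(rec["desc"])
        if c is None:
            continue  # unexpected wording; leave it for manual review
        key = (c["app"], c["module"], c["modver"], c["code"].lower(), c["offset"].lower())
        counts[key] += 1
    return counts


def report(counts):
    """Human-readable lines, most frequent signature first."""
    lines = []
    for (app, module, modver, code, offset), n in counts.most_common():
        name = NTSTATUS_NAMES.get(int(code, 16), "unknown NTSTATUS")
        lines.append(f"{n}x {app} -> {module} {modver} @ {offset}: {code} {name}")
    return lines


if __name__ == "__main__":
    for line in report(crash_signatures(parse_records(SAMPLE_LOG))):
        print(line)
```

Run against the full extract, the five WinMail.exe records reduce to two signatures: four hits of 0xc0000409 at offset 0x0004e189 and one 0xc0000005 at 0x000094de, all in oeas.dll 12.0.0.374. The ipnathlp and Office session records are kept by `parse_records` but ignored by `crash_signatures`, so the same parsed list can feed other checks.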
09.06.2013, 12:06 | #4 |
| Yontoo Malware? iReview and TopicTorch Hello Markus, yes, it appears on all my iOS devices (iPhone, iPad, MacBook); it also appears for my band colleagues on their Windows PCs. Regards, Horst Last edited by HorstAlex (09.06.2013 at 12:38) |
09.06.2013, 17:25 | #5 |
/// Malware-holic | Question: 1. Do you have a backup of the page that you can upload? 2. What about advertising that the hoster might be inserting?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
09.06.2013, 20:07 | #6 |
| Hello Markus, negative: I have no backup whatsoever of my homepage on my computer; I log in directly at the hoster (Jimdo) and make changes in the "menu/elements interface" (so no HTML programming). I bought the Pro version from Jimdo for one year at a time (60 EUR / year). This Pro version is "in itself" ad-free. Best regards, Horst Oh yes, I had problems with gmer. It crashed 6 times with a bluescreen, but it is still running now, scanning "C" since about 16:00. When the scan finishes, I will post it afterwards. |
09.06.2013, 20:09 | #7 |
/// Malware-holic | We don't really need gmer; the problem with the ad insertions must at least be located on the homepage. We will continue checking the computer: Scan with ComboFix
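Added example, not code from the thread and not from Jimdo: Markus's point is that an ad frame every visitor sees on every device cannot be explained by malware on one PC; it has to be in the HTML the hoster serves. The quickest way to confirm that is to fetch the page as an anonymous visitor would and list every external resource (scripts, iframes, images, stylesheets) whose host is neither the site itself nor a host the hoster is known to serve assets from. The script below does that with the standard library only. The HTML sample, the hoster asset host `static.hoster.example` and the ad hosts `ads.example.net` / `cdn.example.org` are constructed placeholders, and `fetch_page` is the only part that touches the network; the sample run is offline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import urllib.request

SITE = "http://www.jump-backtorock.de/"  # the site discussed in the thread

# Constructed stand-in for the served page, NOT the real site's HTML. The
# hoster host "static.hoster.example" and the ad hosts "ads.example.net" and
# "cdn.example.org" are placeholders.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/app/css/layout.css">
<script src="https://static.hoster.example/web.js"></script>
</head><body>
<div id="content"><img src="/img/band.jpg"></div>
<div id="sidebar"><iframe src="//ads.example.net/topic?pid=123"></iframe></div>
<script src="http://cdn.example.org/ireview/loader.js"></script>
</body></html>
"""

# Tags that pull in a remote resource, and the attribute carrying the URL.
RESOURCE_ATTRS = {"script": "src", "iframe": "src", "frame": "src", "img": "src",
                  "embed": "src", "object": "data", "link": "href"}


class IncludeCollector(HTMLParser):
    """Collect (tag, absolute_url) for every external resource the page references."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.includes = []

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        # only stylesheet links load content; skip icons, canonical links, etc.
        if tag == "link" and (a.get("rel") or "").lower() != "stylesheet":
            return
        url = a.get(attr)
        if url:
            self.includes.append((tag, urljoin(self.base_url, url)))


def host_of(url):
    """Lower-case hostname without a leading 'www.'; '' if the URL has none."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_trusted(host, trusted):
    """True if host equals, or is a subdomain of, any entry in trusted."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def third_party_includes(html, base_url, trusted_hosts=()):
    """Return includes whose host is neither the site itself nor one of trusted_hosts."""
    p = IncludeCollector(base_url)
    p.feed(html)
    p.close()
    trusted = [host_of(base_url)] + [h.lower() for h in trusted_hosts]
    return [(tag, url) for tag, url in p.includes
            if host_of(url) and not is_trusted(host_of(url), trusted)]


def fetch_page(url, timeout=10):
    """Fetch the page as an anonymous visitor (network access; not used by the sample run)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Offline demonstration on the constructed page. For the live site, pass
    # fetch_page(SITE) instead of SAMPLE_HTML and the hoster's real asset host.
    for tag, url in third_party_includes(SAMPLE_HTML, SITE, trusted_hosts=("hoster.example",)):
        print(f"{tag:7s} {url}")
```

If the foreign iframe or script shows up in the HTML fetched this way, without any browser add-on involved, the injection lives in the page as served (template, hoster, or the site account), and cleaning a single visitor's PC will not remove it; if it does not show up, the banner is being added on the client side.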
09.06.2013, 20:19 | #9 |
/// Malware-holic | Please bring the device online, since CF needs an internet connection.
09.06.2013, 20:49 | #10 |
| Code:
ComboFix 13-06-08.02 - HR 09.06.2013 21:29:35.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1326 [GMT 2:00]
Running from: c:\users\HR\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Favorites\bookmarks-2013-06-02.json
c:\users\Public\Favorites\bookmarks.html
c:\users\Public\Favorites\bookmarks20130609.html
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
K:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))))
.
.
2013-06-09 19:38 . 2013-06-09 19:39 -------- d-----w- c:\users\HR\AppData\Local\temp
2013-06-09 19:38 . 2013-06-09 19:38 -------- d-----w- c:\users\Tanja Christina\AppData\Local\temp
2013-06-09 14:10 . 2013-06-09 14:10 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8BA95DC-40BF-4BC4-86EC-8A8523F97969}\offreg.dll
2013-06-07 13:21 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8BA95DC-40BF-4BC4-86EC-8A8523F97969}\mpengine.dll
2013-06-04 21:43 . 2013-06-04 21:43 -------- d-----w- c:\program files\Common Files\Java
2013-06-04 21:41 . 2013-06-04 21:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-04 21:38 . 2013-06-04 21:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-02 11:48 . 2013-06-02 12:13 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2013-06-02 11:48 . 2013-06-02 12:13 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2013-06-02 11:46 . 2013-06-09 19:23 -------- d-----w- c:\programdata\Kaspersky Lab
2013-06-02 11:46 . 2013-06-02 11:46 -------- d-----w- c:\program files\Kaspersky Lab
2013-05-18 11:19 . 2013-05-18 11:19 -------- d-----w- c:\program files\iPod
2013-05-18 11:19 . 2013-05-18 11:20 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-18 11:19 . 2013-05-18 11:20 -------- d-----w- c:\program files\iTunes
2013-05-15 20:31 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 16:01 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 16:01 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 16:00 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-04 21:41 . 2012-06-17 15:55 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-04 21:41 . 2010-05-13 15:44 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-15 20:22 . 2012-05-08 15:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 20:22 . 2012-05-08 15:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2009-10-22 16:22 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\HR\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\HR\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\HR\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-06-15 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 178280]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2013-06-02 206448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\users\HR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HR\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Inhaltsverzeichnis.onetoc2 [2008-8-14 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-26 535336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-12 809488]
PURE FlowServer Tray Control.lnk - c:\program files\PURE Flow Server\twonkymediaserverconfig.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-01-20 110304]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pgtdipoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 20:22]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 11:11]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 11:11]
.
2013-06-09 c:\windows\Tasks\User_Feed_Synchronization-{A9E4DAC0-39CB-490B-9F0F-E247EFF8FD37}.job
- c:\windows\system32\msfeedssync.exe [2011-04-25 10:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Auswahl speichern - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Bild ausschneiden - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Diese Seite ausschneiden - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Free YouTube to DVD Converter - c:\users\HR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to iPhone Converter - c:\users\HR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\HR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: URL notieren - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\HR\AppData\Roaming\Mozilla\Firefox\Profiles\j876emph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jump-backtorock.de/
FF - ExtSQL: 2013-06-02 14:13; KavAntiBanner@Kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF - ExtSQL: 2013-06-02 14:13; linkfilter@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF - ExtSQL: 2013-06-02 14:13; virtualKeyboard@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - ExtSQL: 2013-06-09 10:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\HR\AppData\Roaming\Mozilla\Firefox\Profiles\j876emph.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - Orphans Removed - - - -
.
URLSearchHooks-{a060276a-53be-45ec-8ebe-b94b1e803179} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-Akamai NetSession Interface - c:\users\HR\AppData\Local\Akamai\netsession_win.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-09 21:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.xbm" . [HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.xif" . [HKEY_USERS\S-1-5-21-412676877-3239291529-964018579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2013-06-09 21:42:31 ComboFix-quarantined-files.txt 2013-06-09 19:42 . Vor Suchlauf: 11 Verzeichnis(se), 63.271.903.232 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 63.489.683.456 Bytes frei . - - End Of File - - D5283D626432B5FC48CDEC92EFC8E832 A863475757CC50891AA8458C415E4B25 Rechner neu gestartet, es gab davor und auch danach keinerlei Fehlermeldungen. Die Werbe-Banner sind noch da. Im adplus-filter (firefox) gibt es jetzt unter den "blockierbaren Elementen" eine Element mit topictorch, soll ich nen sreenshot davon machen? h |
09.06.2013, 21:18 | #11 |
| Yontoo Maleware ? iReview und TopicTorch Attached is the screenshot with the blockable elements on exactly my homepage jump-backtorock. |
09.06.2013, 21:40 | #12 |
| Yontoo Maleware ? iReview und TopicTorch Is the counter (from widget.freeware) perhaps the problem? I searched for it as freeware on the web, generated it, and pasted the generated code as HTML into the JIMDO homepage (HTML module). |
09.06.2013, 21:51 | #13 |
/// Malware-holic | Yontoo Maleware ? iReview und TopicTorch hi, download the CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip that. Open it, Tools (Extras), Uninstall List, save as txt. Open it. Behind every program you need, write "necessary". Behind every one you don't need, "unnecessary". Behind those unknown to you, "unknown". Post the list.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
09.06.2013, 21:53 | #14 |
/// Malware-holic | Yontoo Maleware ? iReview und TopicTorch yes, I had considered that too, throw it out. Better learn how to work with HTML or php yourself; it's better when you don't have to rely on site builders :-)
09.06.2013, 22:39 | #15 |
| Yontoo Maleware ? iReview und TopicTorch Hello Markus, I'll do your next steps right afterwards. I have removed all counters (online and total counter) on all pages; it still appears. But on my subpage "JUMP Anhören" I found one or two blocked elements which apparently influence the banners (they appear or don't appear depending on whether I block the elements); they are the first two elements marked red in the attached screenshot. I can't yet assign the elements to the page, but it can only be a graphic that was/is corrupted... |
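The last few posts circle around one question: which element embedded in the site pulls in the iReview and TopicTorch frames. The script below is an added example for this thread, not code from any poster, from Jimdo or from the widget provider. It lists every external script, frame, object and stylesheet source in a page's HTML and flags the hosts that are neither the site's own nor on an allowlist; the sample page and all host names in it (cdn.sitebuilder.example, counter-widget.example, ads-partner.example) are constructed placeholders.

```python
"""List third-party resource hosts embedded in a page's HTML.

Added example for this thread (not code from any poster, Jimdo or a widget
provider). The sample page and all host names below are constructed
placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs that make the browser fetch and execute or render
# remote content; a pasted "counter" snippet usually hides in one of these.
LOADING_ATTRS = {
    "script": ("src",),
    "iframe": ("src",),
    "frame": ("src",),
    "embed": ("src",),
    "object": ("data",),
    "link": ("href",),
}


class ExternalResourceCollector(HTMLParser):
    """Collect (tag, url) for every resource-loading attribute seen."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = LOADING_ATTRS.get(tag)
        if not wanted:
            return
        attr_map = dict(attrs)
        for name in wanted:
            value = attr_map.get(name)
            if value:
                self.resources.append((tag, value.strip()))


def third_party_hosts(html, own_hosts, allowlist=()):
    """Return sorted (tag, host, url) triples for resources whose host is
    neither one of the site's own hosts nor on the allowlist.

    Relative URLs are served by the site itself and are skipped;
    protocol-relative URLs (//host/path), common in widget snippets, are
    treated as external.
    """
    parser = ExternalResourceCollector()
    parser.feed(html)
    parser.close()
    known = {h.lower() for h in own_hosts} | {h.lower() for h in allowlist}
    findings = set()
    for tag, url in parser.resources:
        parsed = urlparse("http:" + url if url.startswith("//") else url)
        host = (parsed.hostname or "").lower()
        if host and host not in known:
            findings.add((tag, host, url))
    return sorted(findings)


# Constructed sample page: a site-builder page with a pasted counter snippet.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.sitebuilder.example/static/app.js"></script>
</head><body>
<p>Band page</p>
<!-- counter snippet pasted into the HTML module (constructed) -->
<script type="text/javascript" src="//counter-widget.example/c.js?id=12345"></script>
<iframe src="http://ads-partner.example/frame?site=12345" width="1" height="1"></iframe>
<img src="/img/logo.png">
</body></html>
"""


def audit_sample():
    """Audit the constructed page; only the site builder's CDN is allowed."""
    return third_party_hosts(
        SAMPLE_HTML,
        own_hosts=["www.jump-backtorock.de"],
        allowlist=["cdn.sitebuilder.example"],
    )


if __name__ == "__main__":
    for tag, host, url in audit_sample():
        print(f"{tag:7s} {host:28s} {url}")
```

Run it against the page source as served (Firefox: View Page Source) rather than the live DOM, because a pasted script can add further frames only at run time; anything the script flags that is not on the site builder's own CDN should correspond to a snippet you deliberately pasted in, and a counter snippet that turns out to load an extra iframe is the kind of element the Adblock Plus "blockable elements" list in the posts above was showing.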