Log analysis and evaluation: Intruder in the network has caused considerable damage, logs follow.
Windows 7
11.06.2013, 08:05 #1
Intruder in the network has caused considerable damage, logs follow. The intruder has caused damage. I am not sure whether access was gained via WLAN or via the PC client. The log files of my PC client follow. Code:
ATTFilter OTL logfile created on: 05.06.2013 13:37:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,76% Memory free 6,19 Gb Paging File | 4,75 Gb Available in Paging File | 76,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 67,70 Gb Free Space | 47,00% Space Free | Partition Type: NTFS Drive D: | 139,00 Gb Total Space | 48,69 Gb Free Space | 35,03% Space Free | Partition Type: NTFS Computer Name: ***-LAPI | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.05 13:28:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2013.01.03 11:56:06 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2012.09.02 10:34:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.02 10:32:54 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.02 10:32:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.02 10:32:37 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.08.08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.08 19:55:56 | 007,027,664 | ---- | M] (ETU Software GmbH) -- C:\Programme\HSETU\ApplicationService\ApplicationService.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.05.31 21:39:25 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.07.06 02:00:00 | 001,503,232 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe PRC - [2009.07.01 17:00:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.10.17 15:54:38 | 000,167,936 | ---- | M] (Acer Corp.) 
-- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.07.22 22:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2008.03.23 07:06:23 | 003,770,600 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe PRC - [2008.03.23 07:06:18 | 003,337,728 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2008.03.23 07:06:06 | 003,642,368 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe PRC - [2008.02.26 10:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.15 11:34:14 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.02.15 10:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) 
-- C:\Windows\System32\vfsFPService.exe PRC - [2008.02.14 16:19:18 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.02.06 10:58:46 | 000,589,824 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.02.03 23:14:48 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.02.03 23:14:40 | 000,523,312 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.24 04:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.09.26 07:24:42 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.04.24 19:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006.10.22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) 
-- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.04.12 21:09:24 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86f6e2383ca898849c321080b32b66f8\System.ServiceProcess.ni.dll MOD - [2012.04.12 21:02:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll MOD - [2012.04.12 21:02:05 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.02.20 13:16:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012.02.20 13:14:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012.02.20 13:12:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011.11.13 13:58:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.03.23 07:06:23 | 003,770,600 | ---- | M] () -- C:\Programme\Acer\Acer Bio 
Protection\PwdBank.exe MOD - [2008.02.29 12:18:44 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3003.0__739b31b1908c49e5\Framework.UIComponent.dll MOD - [2008.02.29 12:18:44 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3003.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.02.29 12:18:44 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3003.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.02.29 12:18:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3003.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.02.14 18:43:22 | 000,204,800 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2008.02.03 23:14:30 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007.04.24 19:44:26 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.04.24 19:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Windows\system32\264dmmxi.exe srv -- (ehSchedRemoteRegistry) SRV - [2013.03.16 12:08:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Programme\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager) SRV - [2012.09.02 10:34:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.02 10:32:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.08 19:55:56 | 007,027,664 | ---- | M] (ETU Software GmbH) [Auto | Running] -- C:\Programme\HSETU\ApplicationService\ApplicationService.exe -- (HSETUApplicationService) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.14 20:13:13 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.07.01 17:00:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.02.15 10:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.02.14 16:19:18 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.02.03 23:14:48 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.24 04:02:16 | 000,358,936 | ---- | M] (Intel 
Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.09.26 07:24:42 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.09.28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.02 10:34:56 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.09.02 10:34:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.02 10:34:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.02 10:34:53 | 000,083,392 
| ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.09.16 23:01:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2009.08.19 13:35:00 | 009,787,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.08.05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2009.06.15 22:55:51 | 000,000,000 | ---D | M] [Kernel | On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Media Maker 8\NTI Ripper Suite\ -- (N) DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.10.17 15:49:50 | 000,087,536 | ---- | M] (CyberLink Corp.) [2008/11/15 16:08:38] [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.03.23 07:06:09 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.03.13 14:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2008.03.13 14:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2008.02.22 11:53:12 | 000,080,784 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.12.19 22:05:12 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.10.30 08:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.13 21:48:46 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2007.07.31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007.07.13 10:56:08 | 000,230,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U6000ALL.sys -- (U6000ALL) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006.11.22 18:50:44 | 000,401,024 | ---- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ttusb2bda.sys -- (TTUSB2BDA) DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2005.02.04 17:12:50 | 000,010,368 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\110624019\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F9E89EB814DCF5CE6E3A09506524C877 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=F9E89EB814DCF5CE6E3A09506524C877&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.200:3128 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\***\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.19 21:04:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\***\Program Files\DNA [2009.01.27 10:36:38 | 000,000,000 | ---D | M] [2013.04.22 09:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2008.07.11 22:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.04.22 09:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.13 20:50:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.09.28 06:17:12 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\110624019\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) 
O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe (infoMantis GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD06A49-D9B5-4F4A-BC1B-0B078EDFAB52}: NameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\***\AppData\Roaming\appconf32.exe) - File not found
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f632101-ef92-11dd-b13b-00a0d1a3ce6f}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{d5092799-f893-11dc-96ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5092799-f893-11dc-96ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{e25bc82c-a39d-11de-a865-001de05b75b5}\Shell - "" = AutoRun
O33 - MountPoints2\{e25bc82c-a39d-11de-a865-001de05b75b5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: iscsdctr - (C:\Windows\system32\lsdePING.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.05 13:28:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.05 13:27:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Temp
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.05 13:36:36 | 000,657,902 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.05 13:36:36 | 000,136,862 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.05 13:36:36 | 000,013,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.05 13:36:36 | 000,007,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.05 13:36:11 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2809682822-3675678374-2311806212-1000UA.job
[2013.06.05 13:34:59 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.06.05 13:33:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.05 13:28:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.05 13:09:05 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2013.06.05 13:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 12:16:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 12:16:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 12:01:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.06.05 11:01:06 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2809682822-3675678374-2311806212-1000UA.job
[2013.06.05 11:01:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2809682822-3675678374-2311806212-1000Core.job
[2013.06.05 09:16:22 | 000,353,402 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.06.05 09:16:21 | 000,353,402 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.05 09:16:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 08:17:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.05 08:16:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.05.07 20:16:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.05 13:34:59 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.01 19:47:05 | 000,070,912 | ---- | C] () -- C:\Windows\System32\ListLabel13JNI.dll
[2013.01.06 20:04:32 | 000,000,000 | ---- | C] () -- C:\Windows\Legendgenerator.INI
[2012.09.05 13:34:41 | 000,000,042 | ---- | C] () -- C:\Windows\player32.INI
[2012.05.19 11:32:44 | 000,001,043 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.19 10:52:25 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2011.06.16 23:43:13 | 000,002,109 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2011.06.08 09:44:04 | 000,000,164 | ---- | C] () -- C:\Windows\DBDUIHost.exe.config
[2011.01.19 19:08:13 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2011.01.19 19:08:13 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
[2009.10.11 16:47:29 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2009.10.11 13:16:00 | 000,353,402 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.11 13:16:00 | 000,353,402 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.02.14 19:15:16 | 000,000,144 | ---- | C] () -- C:\ProgramData\MagicPlayDVD.ini
[2008.11.18 23:47:35 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.07.23 18:52:29 | 000,005,074 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2008.05.18 11:55:02 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.05.06 20:15:48 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.04.29 20:18:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.25 21:56:37 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2008.04.20 22:34:24 | 000,118,398 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.04.20 22:33:52 | 000,118,398 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.04.14 19:46:40 | 000,173,056 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008.04.12 23:49:20 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2008.02.29 12:33:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2012.09.28 06:16:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.02.01 19:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AllbaseDemo
[2012.07.14 09:18:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.03.06 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop
[2012.09.28 06:17:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\blekko
[2010.04.26 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2009.01.27 11:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA
[2013.06.05 08:19:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.12.19 21:10:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.12.19 21:04:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.04.16 19:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2011.05.26 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flinky-Zeugnis
[2012.09.23 11:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2012.06.15 20:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hobbyist Software
[2013.04.03 09:00:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HSETU
[2012.07.22 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.12.14 20:47:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterTrust
[2011.03.03 21:32:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2009.01.27 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.02.01 19:48:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek Allplan GmbH
[2012.04.14 16:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetBak
[2011.08.30 16:21:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2010.05.24 20:05:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver
[2009.02.16 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2009.03.10 11:00:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TechniSat
[2008.04.19 22:25:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.03.10 20:20:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2010.05.27 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uhsife
[2009.01.24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2008.04.12 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Validity
[2012.12.19 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2011.03.10 20:20:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011.05.26 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\[DS'n'] soft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:44FFBD548F1627E3

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-11 08:30:59
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\pfrirkob.sys

---- System - GMER 2.1 ----

SSDT 90D8CFC6 ZwCreateSection
SSDT 90D8CFD0 ZwRequestWaitReplyPort
SSDT 90D8CFCB ZwSetContextThread
SSDT 90D8CFD5 ZwSetSecurityObject
SSDT 90D8CFDA ZwSystemDebugControl
SSDT 90D8CF67 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 82EBB998 4 Bytes [C6, CF, D8, 90]
.text ntkrnlpa.exe!KeSetEvent + 539 82EBBCBC 4 Bytes [D0, CF, D8, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 82EBBCF0 4 Bytes [CB, CF, D8, 90]
.text ntkrnlpa.exe!KeSetEvent + 5D1 82EBBD54 4 Bytes [D5, CF, D8, 90]
.text ntkrnlpa.exe!KeSetEvent + 619 82EBBD9C 4 Bytes [DA, CF, D8, 90]
.text ...
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0xA6F1F000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0xA6F42050]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\HSETU\ApplicationService\ApplicationService.exe[2188] kernel32.dll!CreateThread + 1A 7759CB48 4 Bytes CALL 00945A5D C:\Program Files\HSETU\ApplicationService\ApplicationService.exe
.text C:\Windows\Explorer.EXE[3552] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7673B37C 4 Bytes [F0, 1F, 00, 10] {POP DS; ADD [EAX], DL}

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd5f579
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd5f579@001d288d755a 0x72 0x1A 0x76 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd5f579@0018afa8796a 0x63 0x95 0xA3 0xB1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001e4cd5f579 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001e4cd5f579@001d288d755a 0x72 0x1A 0x76 0x15 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001e4cd5f579@0018afa8796a 0x63 0x95 0xA3 0xB1 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
OTL Extras logfile created on: 05.06.2013 13:37:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,76% Memory free
6,19 Gb Paging File | 4,75 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 67,70 Gb Free Space | 47,00% Space Free | Partition Type: NTFS
Drive D: | 139,00 Gb Total Space | 48,69 Gb Free Space | 35,03% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2809682822-3675678374-2311806212-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E9DA30-6F83-4476-80A8-8F8C37D45C94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09CBBB33-FB39-4431-9AAD-2443B8A3F94E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BD28F1F-7E28-4E0C-9485-D573A3DA7256}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0D3E06D4-FA31-4922-9689-5A6DA79E4694}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1489C196-091C-4E26-B6EF-535DAC88E3B3}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{186209E5-53F0-4AF0-8442-8029D46C4FBC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19205DFA-B9CC-4B00-A182-C97D88928464}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1C8A16D7-441D-4C52-8C7F-9CA4FB41158F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DA6F95F-F0B3-4578-A08E-CFDBD10DBA5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F3FBC23-0F62-46E7-8590-AA96BC8C3684}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{245D722D-A496-400A-B7AF-09AB614B2CEE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2986688E-19FE-4ECA-BAA2-3607A759905A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A03F359-2F74-4254-899B-AC0BFEE6A8A9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2E212B5D-5584-430C-93F0-6CFF5F6907AF}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3AA10510-4F13-43CE-B81D-3F56EAE544AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42F8EE3D-EB17-4B56-933D-85403388D985}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{433D7DAD-1C27-40B1-A628-E604DFBAE69C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{46CDEE22-E968-4E2E-8C10-DAC0D4F1CA17}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4FED6C77-39B7-4392-A6F8-67F1BF557496}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52A1650A-E75B-41C6-9171-3C6793D01B6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53157F9E-088C-421F-A357-3514F8936CB4}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{5A237A2F-A8E9-4715-939D-4A303F639D28}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AFE01E0-1DE5-46BE-A54E-4AF02F5BCD6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F5741A6-2E21-4857-8D50-0E17908501EB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{65A88B85-3A82-4521-9B1A-1291E4E3ABFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AB3A8A8-7B3A-4B7A-A66A-D2BF454EFE80}" = rport=10244 | protocol=6 | dir=out | app=system |
"{84BAD39E-7CBD-443E-9887-32628FE23849}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{885DF0FE-4743-4BBD-9258-2E82D8C39437}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9B5AA448-0120-4888-BA4C-6BA84503E071}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D4D4E27-5208-4E86-8CB1-DCA28B889AC9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2E59BEB-8D84-435B-9D79-BA03B6FA21C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5D44B6A-E121-416B-9BC5-EAF8F347C5F8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{ABAE0973-26B1-4116-87DA-C81D46C991DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B66C9615-964F-485D-9A37-2E9A4494ACF1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B8239AB2-E8EC-454D-86D0-58DA30FCC76B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8DB357B-FE02-4AAD-BB54-64E43AF639E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B962811E-AA5B-4327-8453-F8EDB8BA4929}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBF73626-B099-4B60-A3A4-2270A2E5D6BF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C62D871C-7C77-4DE8-BAD7-122FA220128A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1DB0609-2931-45EE-8ACA-541B34AA1B8C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{D30E9959-59B9-4BCC-8EB4-CED08C5F0901}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D47E2ACF-5099-4F41-8FF1-455979049CD4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D96642BC-DA2C-435A-A796-E96916BBE512}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DD006021-6C2A-4093-AE40-33316FD9A106}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008C8268-91E0-4520-A6F3-FF0EDA15BCEF}" = protocol=6 | dir=out | app=system |
"{04EE22B7-6E5C-4BF2-846F-65110027BBD0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0585838A-3D0A-4137-8FCC-0366E2778284}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09E51594-F358-470E-8C24-A96F19E62137}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{0DD65A2F-C6E3-4521-AC37-D268B60C2E56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{10761EA8-00ED-4822-84B8-E217AC4CF6F7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1791C040-3CC3-486A-82B1-3BA15B03890F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A8C3BC2-FA89-4D90-AB1C-628646737753}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1BF911E9-66B3-4C2B-8F1D-CC0035E2022F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{23C12D45-D942-406B-A19E-9BBB5B3B9DE0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{275ADB6F-6E11-4EE7-B47B-445EFF1D80BF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{2D1F6623-0EB0-4953-B5E8-7C2787E93D2F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{2DF0D5AF-D644-47B7-B6A1-FE92E9FE66B0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{309C89F1-82E0-4685-8A21-554C09DEF941}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36A92A58-FB42-4DC5-BA88-7907C4099E38}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{37BC8E2C-9E14-4925-883C-3E571F6A4CB5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{3BD7DA5D-1D77-481C-BF0A-625289993892}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44984FFB-435E-46CE-9D91-F2524516F3FD}" = dir=in | app=c:\program files\hobbyist software\vlc streamer\vlc streamer configuration.exe |
"{48B5C503-7C65-4BC8-BEDA-4D1648851543}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52EF79E7-C7E0-4B21-9A45-56EF4D3F0A96}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{56C1180E-A702-413B-82EA-210A14D5B510}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{57160537-CB95-4069-A2BB-4878649DCEDB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5BF57D12-0A6D-46CC-B1C8-0C77366F58E3}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{5D9C1229-75CD-470D-8D13-EE7D0C470633}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{655463CD-BDE0-4FE7-AEC1-0DF0F67C41E4}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{77424672-7AF0-4836-8854-2AF3B37EB312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7822A577-5014-45A8-819B-7CA65D49C4A6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{7A7B0167-09B0-4268-9491-9C641660B031}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7F9332F7-F288-4441-BCA5-3DAA6E390879}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{86B689F5-D2A8-408A-883B-569E70E26C7B}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{8D6B6DFE-968E-4F47-B21C-2E6AFFAD70AA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{90710999-75C8-454B-B856-5C5781918D9A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{94C4A09C-162D-451D-A5A0-DD28CC2D27FD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{95A7A00F-3CD8-4E06-82E4-FCE65FB82BA8}" = dir=in | app=c:\program files\hobbyist software\vlc streamer\mdnsresponder.exe | "{9771E04A-88C1-4F6C-9FD0-AEB5827617A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{A11711C3-3618-4194-98DD-2916728EEB77}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe | "{A1913841-FC1B-4E1B-A378-EDAD02A682B9}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{A3031977-37F6-45C3-851D-3E146D0E14E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A381B01C-AA7F-477A-ADC9-63DAA6BF7613}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{A79CA790-972A-4EC0-AA16-589C6E418308}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{AAECB3DC-82C9-433B-BCAD-207CEF95F6CD}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{B457291D-CCFE-49BA-BFD9-958AB3D1FB13}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{B5FFD49F-6BA9-428A-A538-9468D3C784E3}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{C4470206-8487-4AD0-82A0-D28EA517D7C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC74C217-B282-46F5-B1E9-AF3B16E04768}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D1B75F9E-D119-40E2-82EF-1C45B550C26E}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{D20783A1-6FAD-43E0-8A5F-96B082FA0391}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{D5A1DAEA-6055-4119-8665-78BF4232E67D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{DC1A7963-6F55-4C37-A7A0-0E585912C3C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E0329C46-7734-4F75-8A6B-B4D7CCFB5ED7}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{E3416BF4-89F7-4D92-9D27-AD1F98858879}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E7D7DB69-C504-4A96-A0F8-E1B2B1545880}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EE144918-FAA6-496D-9E19-CBF42DF4081D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{F25C1B8C-ABE3-4F69-9020-BD9E11D8A1C8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{F3DBBD2B-6EEE-4063-AA3C-BF86821A767D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB8558F1-5F40-445E-9DFD-231155D09FB2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{04A4EA94-6925-4CB1-AD49-E5BCDF1A40DC}C:\program files\qnap\netbak\netbak.exe" = protocol=6 | dir=in | app=c:\program files\qnap\netbak\netbak.exe | "TCP Query 
User{0A8817BA-9B24-4D0A-92D5-7EB4F98366B7}E:\haloceded\haloceded.exe" = protocol=6 | dir=in | app=e:\haloceded\haloceded.exe | "TCP Query User{0E619557-ABC0-41FB-8F40-7AB91B9E87BD}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "TCP Query User{38532C0A-7179-4E25-AD3F-41CDC6A823BC}C:\program files\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\gamers.irc\mirc.exe | "TCP Query User{503AC68F-AF33-44AE-8CAB-9C30F85D8EBA}D:\dream800\dcc\dcc_e2.exe" = protocol=6 | dir=in | app=d:\dream800\dcc\dcc_e2.exe | "TCP Query User{54AFAA28-9A3D-4EBC-862B-B67134A7AE37}\\ambusnasts412\network recycle bin 1\fernsehen\dreambox\dream800\dcc\dcc_e2.exe" = protocol=6 | dir=in | app=\\ambusnasts412\network recycle bin 1\fernsehen\dreambox\dream800\dcc\dcc_e2.exe | "TCP Query User{58313B56-76C4-47F5-AE5C-F1F969D959A1}C:\users\sandro\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sandro\program files\dna\btdna.exe | "TCP Query User{6347D48C-B5F3-451B-B8BA-0EA8AA62E563}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{6DA8466D-DF35-4963-AD37-987C7BBD1F79}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "TCP Query User{72425B68-5FE8-48F7-95EE-B6BA0FA31E44}C:\program files\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\gamers.irc\mirc.exe | "TCP Query User{78C2D667-9D29-4A90-8EE5-E357BACA2091}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{811919F9-3C94-400A-AE8A-FBCBD727983D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{C8E3DFD1-DEDE-475D-8172-0D3008DC548E}C:\program files\google\google earth\plugin\geplugin.exe" = 
protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{D8CF15B6-F2B9-4DF5-9A72-4BDA1A5091CD}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{D9FDFF34-E807-4F3E-B921-F1B79D6E73E1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{F145AFBC-0B1D-470D-B35C-AB99BD2A21D9}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe | "TCP Query User{F51A3AD3-49C3-4C28-B153-BC5B528B456F}C:\users\sandro\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sandro\program files\dna\btdna.exe | "UDP Query User{11264FA4-96DA-4EE1-BB86-121B6962CE0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{44D84D5E-53ED-47F0-938E-D9D25CEC5D7F}\\ambusnasts412\network recycle bin 1\fernsehen\dreambox\dream800\dcc\dcc_e2.exe" = protocol=17 | dir=in | app=\\ambusnasts412\network recycle bin 1\fernsehen\dreambox\dream800\dcc\dcc_e2.exe | "UDP Query User{4AAAF272-245A-45BD-9937-13DC9BE4E3FC}C:\program files\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\gamers.irc\mirc.exe | "UDP Query User{54FFCF39-546D-40C2-8805-115B5AA7B52E}C:\users\sandro\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sandro\program files\dna\btdna.exe | "UDP Query User{570A7862-9DE3-494F-86CD-5B80F3FC5376}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe | "UDP Query User{66DDAE17-2F98-4B82-85C6-2C9E377C3AE2}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "UDP Query User{916EFCC4-D16D-419D-8D4A-DF27530D72F3}C:\program files\qnap\netbak\netbak.exe" = protocol=17 | dir=in | app=c:\program 
files\qnap\netbak\netbak.exe | "UDP Query User{9DBEFD76-6778-4FD0-B57D-B614593A6A1E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{A3AFC68A-8D93-4F84-A0A5-514411F216AB}C:\users\sandro\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sandro\program files\dna\btdna.exe | "UDP Query User{ACF122D3-BC2A-44F0-8DCA-FD9740259903}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{B33A9779-3ACB-41F5-B821-E87DA30C778F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{BA6F7946-DDB5-44A8-9728-C74A4C87B239}D:\dream800\dcc\dcc_e2.exe" = protocol=17 | dir=in | app=d:\dream800\dcc\dcc_e2.exe | "UDP Query User{BF54100E-0E91-4BC5-9EE1-B5752F7ACF80}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{BF7DEFCC-4E74-48F4-B7C0-02EA278C85B0}E:\haloceded\haloceded.exe" = protocol=17 | dir=in | app=e:\haloceded\haloceded.exe | "UDP Query User{C8A5E7AE-84F7-49BC-9606-956C4664B12B}C:\program files\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\gamers.irc\mirc.exe | "UDP Query User{E3C8704B-BF50-41FB-85F2-1CFAC89A0518}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "UDP Query User{FBE1F537-410D-4D98-9FD9-099EEC111183}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 "{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe 
iDesk-Browser "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}" = BlackBerry Device Software Updater "{2CAD9C1F-4A40-4F93-83B7-62CCF8309223}" = MFC8.0 Runtime Setup "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F84E97F-FD69-4601-826E-3D5BA5E7465B}" = ArCon 2003 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver "{31CB86FB-6C69-402A-BBD0-279341EC9212}" = HSETU Programm-Manager "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{336E61EA-E5DF-40E3-BB16-0F1A814AF368}" = STLB-Bau XML V2 - Client "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software "{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile 
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{5573691E-F76A-4221-92C4-8EB50EC9025C}_is1" = Flinky Zeugnis "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A67EE53-2CE7-40CD-BA31-70F0C801A189}" = TV-Guide "{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber "{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2009 "{5E8C42DD-7E43-462C-84CC-99E5BBE3E101}" = Steuer 2007 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006 "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1 "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office 
Project 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9FD0234-2334-4BD3-A4BA-C73654E5BAFB}" = HSETU Lüftungskonzept Bildung "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B23387EB-1908-4AD2-98D8-8A1221CBF8AF}" = DownloadHandler "{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009 "{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1 "{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF213333-DA71-48E9-9AB5-9FA7A5584E5D}" = "Arbeitsblätter gestalten - blitzschnell mit Word" "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E942B812-0768-48EE-903D-87B7EE463117}" = HTML.Browser.Framework 3.5.3 (x86) "{EB86D0C1-E6AA-48DA-A8ED-AFD7A0AACC0A}" = HE@D PC_Program "{EE7AF1A0-8E50-4322-A8FA-E96C01369B40}" = TechniSat TV Center "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95870D8-28CC-47F0-AE7B-173236E4DB2E}" = HS Energieberater 18599 Bildung "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1A5A977E511ED61600002E176F048ED6FCBD8560" = Windows-Treiberpaket - ITE Tech.Inc. 
(itecir) HIDClass (12/18/2007 5.0.0004.6) "AC3Filter" = AC3Filter (remove only) "Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection AAV 6.0.00.08 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Ad-Aware" = Ad-Aware "adawaretb" = Ad-Aware Security Add-on "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AnyDVD" = AnyDVD "ARCHITEXT Pallas® 3.1.614.1006_is1" = ARCHITEXT Pallas® 3.1.614.1006 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxMonitor" = AVM FRITZ!Box Monitor "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "CCleaner" = CCleaner "cyberlnH" = CyberLink H.264/AVC video decoder "DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox "DVB Dream_is1" = DVB Dream version 1.4i "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Stylus S20 Series" = EPSON Stylus S20 Series Printer Uninstall "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "FreePDF_XP" = FreePDF XP (Remove only) "Gamers.IRC" = Gamers.IRC 5.25 "Google Updater" = Google Updater "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "GridVista" = Acer GridVista "ICQToolbar" = ICQ Toolbar "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber 
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "LIGNO Bemessungsprogramm V5.08" = LIGNO Bemessungsprogramm V5.08 LTB V5.08 "LManager" = Launch Manager "MF Bauphysik" = MF Bauphysik "MF CadViewer" = MF CadViewer "MF DachDesigner" = MF DachDesigner "MF Drain" = MF Drain "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NoIPDUC" = No-IP DUC "NVIDIA Drivers" = NVIDIA Drivers "PRJPRO" = Microsoft Office Project Professional 2007 "ProInst" = Intel PROSet Wireless "QNAP_FINDER" = QNAP Finder "QNAP_NASNetBak" = QNAP NetBak Replicator "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Samsung CLP-310 Series" = Samsung CLP-310 Series "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME 2.8.3.2499 "VLC media player" = VLC media player 0.9.6 "VLC Streamer_is1" = VLC Streamer 2.26 "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "WinRAR archiver" = WinRAR "XMind" = XMind "xrayScreensaver2" = xrayScreensaver2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.06.2013 03:16:17 | Computer Name = Sandro-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 880439 Error - 05.06.2013 03:16:17 | Computer Name = ***-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 880439 Error - 
05.06.2013 03:16:18 | Computer Name = ***-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 05.06.2013 03:16:18 | Computer Name = ***-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 881453 Error - 05.06.2013 03:16:18 | Computer Name = ***-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 881453 Error - 05.06.2013 03:16:23 | Computer Name = ***-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 05.06.2013 03:16:23 | Computer Name = ***-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 885914 Error - 05.06.2013 03:16:23 | Computer Name = ***-Lapi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 885914 Error - 05.06.2013 05:01:06 | Computer Name = ***-Lapi | Source = Google Update | ID = 20 Description = Error - 05.06.2013 05:15:03 | Computer Name = ***-Lapi | Source = Google Update | ID = 20 Description = [ Media Center Events ] Error - 14.01.2010 12:37:03 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 14.01.2010 12:38:04 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 08.02.2010 13:51:14 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide 
Error - 08.02.2010 14:57:14 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 22.02.2010 13:45:40 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 22.03.2010 15:05:33 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 09.05.2012 13:02:51 | Computer Name = ***-Lapi | Source = Mcx2Dvcs | ID = 401 Description = Error - 09.05.2012 13:03:11 | Computer Name = ***-Lapi | Source = Mcx2Dvcs | ID = 401 Description = Error - 09.05.2012 13:03:40 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 17.11.2012 12:10:59 | Computer Name = ***-Lapi | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ OSession Events ] Error - 25.03.2011 16:43:10 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2957 seconds with 720 seconds of active time. This session ended with a crash. 
Error - 23.04.2011 02:43:18 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.04.2011 15:31:05 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 82 seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.05.2011 14:12:29 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2404 seconds with 720 seconds of active time. This session ended with a crash.
Error - 06.03.2012 04:23:35 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1379 seconds with 600 seconds of active time. This session ended with a crash.
Error - 06.04.2012 14:20:36 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 595 seconds with 60 seconds of active time. This session ended with a crash.
Error - 06.04.2012 14:32:02 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 657 seconds with 240 seconds of active time. This session ended with a crash.
Error - 16.05.2012 14:11:55 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error - 16.05.2012 14:12:02 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.
Error - 03.05.2013 05:50:37 | Computer Name = ***-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05.06.2013 07:56:40 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:57:15 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:57:15 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:57:15 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:39 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:39 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:39 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:40 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:40 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:40 | Computer Name = ***-Lapi | Source = Service Control Manager | ID = 7001 Description =

< End of report >
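The Event Viewer extract at the end of an OTL report is the part of the log that a responder can triage mechanically: Service Control Manager event 7001 records a service that did not start because a service it depends on failed, so ten of them inside two minutes of a boot point at a dependency chain (or a driver) that is no longer starting, and the "Microsoft Office 12 Sessions" 7001 entries are session-telemetry records, several of which show an Office application crashing with zero seconds of active time, i.e. before the user did anything. The script below is an added example, not part of the original post or of OTL: it parses OTL-style "Error - ..." lines, counts entries per source and event ID, flags a burst of the same event within a short window, and lists Office sessions that crashed without any active time. The log lines it runs on are constructed to match the layout above (hostname replaced by a placeholder); the window and threshold values are assumptions to tune for the host in question.

```python
"""Triage an OTL 'Event Viewer' extract: count events per source/ID, flag
bursts and list Office sessions that crashed before any active time.
Added example; the sample lines below are constructed, not a real host's log."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in OTL's one-entry-per-line layout (placeholder host name).
SAMPLE_LOG = """\
Error - 23.04.2011 02:43:18 | Computer Name = HOST-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.05.2011 14:12:29 | Computer Name = HOST-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2404 seconds with 720 seconds of active time. This session ended with a crash.
Error - 03.05.2013 05:50:37 | Computer Name = HOST-Lapi | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.06.2013 07:56:40 | Computer Name = HOST-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:57:15 | Computer Name = HOST-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:57:15 | Computer Name = HOST-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:39 | Computer Name = HOST-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:40 | Computer Name = HOST-Lapi | Source = Service Control Manager | ID = 7001 Description =
Error - 05.06.2013 07:58:40 | Computer Name = HOST-Lapi | Source = Service Control Manager | ID = 7001 Description =
"""

# One OTL event line: "Error - dd.MM.yyyy HH:MM:SS | Computer Name = X | Source = Y | ID = N Description = ..."
ENTRY_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| "
    r"ID = (?P<id>\d+) Description =\s?(?P<desc>.*)$"
)
# The Office session summary inside the description of an "Office 12 Sessions" event.
SESSION_RE = re.compile(
    r"Application Name: (?P<app>.+?), .*?lasted (?P<len>\d+) seconds with "
    r"(?P<active>\d+) seconds of active time\. This session ended with a crash\."
)


def parse_events(text):
    """Return one dict per matching 'Error - ...' line, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headings such as "[ System Events ]" and blank lines
        events.append({
            "ts": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
            "host": m["host"],
            "source": m["source"],
            "id": int(m["id"]),
            "desc": m["desc"].strip(),
        })
    return sorted(events, key=lambda e: e["ts"])


def count_by_source(events):
    """How often each (source, event ID) pair occurs."""
    return Counter((e["source"], e["id"]) for e in events)


def find_bursts(events, window=timedelta(minutes=3), threshold=5):
    """For each (source, id), report the first run of >= threshold events
    whose timestamps fall within `window` of the run's first event.
    window/threshold are assumed values; tune them per host."""
    by_key = {}
    for e in events:
        by_key.setdefault((e["source"], e["id"]), []).append(e["ts"])
    bursts = []
    for (source, eid), stamps in by_key.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            run = [t for t in stamps[i:] if t - start <= window]
            if len(run) >= threshold:
                bursts.append({"source": source, "id": eid, "start": start,
                               "end": run[-1], "count": len(run)})
                break
    return bursts


def crashes_without_activity(events):
    """(timestamp, application) for Office sessions that crashed with 0 s active time."""
    hits = []
    for e in events:
        m = SESSION_RE.search(e["desc"])
        if m and int(m["active"]) == 0:
            hits.append((e["ts"], m["app"]))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), n in count_by_source(evs).most_common():
        print(f"{n:3d}  {src} / {eid}")
    for b in find_bursts(evs):
        print(f"burst: {b['count']} x {b['source']}/{b['id']} "
              f"between {b['start']} and {b['end']}")
    for ts, app in crashes_without_activity(evs):
        print(f"crash with no active time: {ts} {app}")
```

Paste the "[ Application Events ]" and "[ System Events ]" blocks of a real OTL report into `SAMPLE_LOG` (or read them from a file) to get the same summary; the empty descriptions on the Service Control Manager lines are preserved as empty strings, so the burst detection works even when OTL has not captured the dependent service's name.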
11.06.2013, 08:08 | #2 |
/// the machine /// TB-Ausbilder | Nice log.
Please define "damage"? We can clean it, but the thing has backdoor functionality. Your choice. Just tell me what we should do. |
11.06.2013, 08:40 | #3 |
| I would first like to know whether my PC client is infected at all.
Thanks in advance. |
11.06.2013, 13:27 | #4 |
/// the machine /// TB-Ausbilder | Which machine are the logs above from?
Regards, schrauber |
11.06.2013, 14:40 | #5 |
| From a home network client. Are the logs clean, or are there indications of a Trojan or something similar? |
11.06.2013, 15:41 | #6 |
/// the machine /// TB-Ausbilder | Quote:
That thing is infected through and through. Hence the question of what we should do. |